[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

failed root login attempts

I am seeing millions (literally) of these in the logs of my

  sshd[30216]: Failed password for root from port 35778 ssh2

I understand that this is some kind of virus, but it's not making me
very happy because logcheck and and some of our IDS systems are
going haywire, creating streams of false alarms.

Other than blacklisting the IPs (which is a race I am going to
lose), what are people doing? Are there any distinctive marks in the
SSH login attempt that one could filter on?

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
spamtraps: madduck.bogus@madduck.net
"i wish there was a knob on the tv to turn up the intelligence.
 there's a knob called 'brightness', but it doesn't seem to work."
                                                          -- gallagher

Attachment: signature.asc
Description: Digital signature

Reply to: