¿Que puedo hacer con el trafico basura que llega a mi servidor ssh?
Hay veces que recibo conexiones por ssh que son simplemente paquetes
que llegan a dicho puerto, pero otras veces se ve intencionadamente que
prueban ese puerto intentando abrir conexion con diferentes conexiones
como por ejemplo:
Illegal users from these:
account/none from 211.241.199.170: 1 Time(s)
adam/none from 211.241.199.170: 1 Time(s)
adm/none from 211.241.199.170: 2 Time(s)
admin/none from 200.56.125.181: 2 Time(s)
alan/none from 211.241.199.170: 1 Time(s)
apache/none from 211.241.199.170: 1 Time(s)
cip51/none from 211.241.199.170: 1 Time(s)
cip52/none from 211.241.199.170: 1 Time(s)
cosmin/none from 211.241.199.170: 1 Time(s)
cyrus/none from 211.241.199.170: 1 Time(s)
data/none from 211.241.199.170: 1 Time(s)
frank/none from 211.241.199.170: 1 Time(s)
george/none from 211.241.199.170: 1 Time(s)
guest/none from 200.56.125.181: 1 Time(s)
henry/none from 211.241.199.170: 1 Time(s)
horde/none from 211.241.199.170: 1 Time(s)
iceuser/none from 211.241.199.170: 1 Time(s)
jane/none from 211.241.199.170: 1 Time(s)
john/none from 211.241.199.170: 1 Time(s)
master/none from 211.241.199.170: 1 Time(s)
matt/none from 211.241.199.170: 1 Time(s)
mysql/none from 211.241.199.170: 1 Time(s)
noc/none from 211.241.199.170: 1 Time(s)
oracle/none from 211.241.199.170: 1 Time(s)
pamela/none from 211.241.199.170: 1 Time(s)
patrick/none from 211.241.199.170: 2 Time(s)
rolo/none from 211.241.199.170: 1 Time(s)
server/none from 211.241.199.170: 1 Time(s)
sybase/none from 211.241.199.170: 1 Time(s)
test/none from 200.56.125.181: 2 Time(s)
test/none from 211.241.199.170: 5 Time(s)
user/none from 200.56.125.181: 1 Time(s)
user/none from 211.241.199.170: 3 Time(s)
web/none from 211.241.199.170: 2 Time(s)
webmaster/none from 211.241.199.170: 1 Time(s)
www/none from 211.241.199.170: 1 Time(s)
wwwrun/none from 211.241.199.170: 1 Time(s)
Que puedo hacer con este trafico, solo se me ocurre añadir dicha ip
al fichero /etc/hosts.deny.
Reply to: