Re: intrusion via ssh

To: debian-user@lists.debian.org
Subject: Re: intrusion via ssh
From: Jacob S <stormspotter@6Texans.net>
Date: Thu, 31 Mar 2005 07:28:34 -0600
Message-id: <[🔎] 20050331072834.03863f3d@jacob.6texans.net>
In-reply-to: <[🔎] dbe71fb505033102556b1dc9d4@mail.gmail.com>
References: <[🔎] dbe71fb505033102556b1dc9d4@mail.gmail.com>

On Thu, 31 Mar 2005 12:55:46 +0200
Frederic Guillet <fguillet@gmail.com> wrote:

> Hi,
> 
> i just checked my mail log on my server (that runs sarge with postfix)
> and got this kind of lines:
> 
> MAR 30 20:01:33 servername sshd[17890] illegal user john from
                                         ^^^^^^^
> 24.15.134.130
> 
> I have about 500 attemps with different usernames and the same IP so i
> guess it is a robot which is trying to enter my system.
> 
> the pb with such log is that it does not say if the user has succeeded
> to enter the machine or if the attempt has failed.
> 
> any config advice or tutorial are welcome.

Actually, it does tell, though perhaps not in the wording you would
like. Linux does not let users do 'illegal' actions. (Talking purely
from a security viewpoint here, not legal. :-)

HTH,
Jacob

Reply to:

Follow-Ups:
- Re: intrusion via ssh
  - From: David Roguin <droguin@ases.com.ar>

References:
- intrusion via ssh
  - From: Frederic Guillet <fguillet@gmail.com>

Prev by Date: Re: printing very large sheets
Next by Date: Re: intrusion via ssh
Previous by thread: intrusion via ssh
Next by thread: Re: intrusion via ssh
Index(es):
- Date
- Thread