
Re: [OT] Is it possible to hide the ip in ssh connection



On Monday 20,August,2012 11:33 PM, Mika Suomalainen wrote:
> On 20.08.2012 18:15, lina wrote:
>> BTW, what is 172.21.48.161? It seems the old auth.log* also has
>> this one.
> 
>> # zmore auth.log.2.gz | grep 172.21.48.161
>> Aug  5 16:05:13 Debian sshd[15369]: Did not receive identification string from 172.21.48.161
>> Aug  5 16:05:36 Debian sshd[15370]: Invalid user administrator from 172.21.48.161
>> Aug  5 16:05:36 Debian sshd[15370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.21.48.161
>> Aug  5 16:05:38 Debian sshd[15370]: Failed password for invalid user administrator from 172.21.48.161 port 54999 ssh2
> <...>
> 
> For me it looks like a bot, which is trying to guess usernames and
> passwords to your system.
> If you had sshguard or something similar installed, you would also see
> a message about that host being banned because of failed authentications.

I have just installed sshguard.

I checked the times of the connection attempts from this IP; they are
quite regular, more like some program doing those things.

Aug 13 16:07:31
Aug 13 16:07:52
Aug 13 16:07:52
Aug 13 16:07:54
Aug 13 16:08:07
Aug 14 16:08:16
Aug 14 16:08:42
Aug 14 16:08:42
Aug 14 16:08:45
Aug 14 16:08:46
Aug 16 16:08:29
Aug 16 16:08:53
Aug 16 16:08:53
Aug 16 16:08:55
Aug 16 16:08:56
Aug 5 16:05:13
Aug 5 16:05:36
Aug 5 16:05:36
Aug 5 16:05:38
Aug 5 16:05:40
Aug 6 04:04:45
Aug 6 04:05:09
Aug 6 04:05:09
Aug 6 04:05:10
Aug 6 04:05:11
Aug 6 16:06:08
Aug 6 16:06:29
Aug 6 16:06:29
Aug 6 16:06:31
Aug 6 16:06:32
Aug 7 04:04:44
Aug 7 04:05:07
Aug 7 04:05:07
Aug 7 04:05:09
Aug 7 04:05:23
Jul 29 16:07:53
Jul 29 16:08:14
Jul 29 16:08:14
Jul 29 16:08:15
Jul 29 16:08:22
Aug 2 16:07:50
Aug 2 16:08:11
Aug 2 16:08:11
Aug 2 16:08:13
Aug 2 16:08:18
Aug 4 16:05:38
Aug 4 16:05:58
Aug 4 16:05:59
Aug 4 16:06:01
Aug 4 16:06:02
Aug 5 04:04:42
Aug 5 04:05:05
Aug 5 04:05:05
Aug 5 04:05:07
Aug 5 04:05:08
Jul 27 16:10:23
Jul 27 16:10:43
Jul 27 16:10:43
Jul 27 16:10:45
Jul 27 16:10:48
Jul 28 16:08:09
Jul 28 16:08:29
Jul 28 16:08:30
Jul 28 16:08:31
Jul 28 16:08:32
Jul 29 04:06:20
Jul 29 04:06:43
Jul 29 04:06:43
Jul 29 04:06:46
Jul 29 04:06:47


Thanks again,

> 
>> Thanks again,
> 
> You're welcome :)
> 
> 
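The regularity described in the message above can be checked mechanically: group each source's sshd events into bursts, then measure how tightly the burst start times cluster on a 12-hour clock. This is an added example, not part of the original thread. The log lines are constructed in the format quoted above, and the function names, the 5-minute burst gap, the 10-minute tolerance, the 12-hour period and the year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the auth.log format quoted above; 192.0.2.10 and "alice" are made up.
SAMPLE = """\
Aug  5 04:04:42 Debian sshd[101]: Did not receive identification string from 172.21.48.161
Aug  5 04:05:05 Debian sshd[102]: Invalid user administrator from 172.21.48.161
Aug  5 16:05:13 Debian sshd[103]: Did not receive identification string from 172.21.48.161
Aug  5 16:05:38 Debian sshd[104]: Failed password for invalid user administrator from 172.21.48.161 port 54999 ssh2
Aug  6 04:04:45 Debian sshd[105]: Did not receive identification string from 172.21.48.161
Aug  6 04:05:09 Debian sshd[106]: Invalid user administrator from 172.21.48.161
Aug  5 09:12:40 Debian sshd[201]: Failed password for alice from 192.0.2.10 port 40022 ssh2
Aug  5 21:47:03 Debian sshd[202]: Failed password for alice from 192.0.2.10 port 40188 ssh2
Aug  6 13:30:19 Debian sshd[203]: Failed password for alice from 192.0.2.10 port 41200 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: .*?"
                  r"(?:from |rhost=)(\d{1,3}(?:\.\d{1,3}){3})")

def burst_starts(log_text, year=2012, gap=timedelta(minutes=5)):
    """Map source IP -> start time of each burst (events closer than `gap` merge)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[m.group(2)].append(ts)
    for times in events.values():
        times.sort()
    return {ip: [t for i, t in enumerate(ts) if i == 0 or t - ts[i - 1] > gap]
            for ip, ts in events.items()}

def phase_spread(starts, period=timedelta(hours=12)):
    """Width in seconds of the smallest arc of the `period` clock holding all starts."""
    p = int(period.total_seconds())
    phases = sorted((t.hour * 3600 + t.minute * 60 + t.second) % p for t in starts)
    gaps = [b - a for a, b in zip(phases, phases[1:])] + [phases[0] + p - phases[-1]]
    return p - max(gaps)

def scheduled_sources(log_text, min_bursts=3, tolerance=timedelta(minutes=10)):
    """Sources whose bursts recur at the same phase of a 12-hour clock, with spread."""
    out = {}
    for ip, starts in burst_starts(log_text).items():
        spread = phase_spread(starts)
        if len(starts) >= min_bursts and spread <= tolerance.total_seconds():
            out[ip] = spread
    return out
```

Calling `scheduled_sources()` on the decompressed contents of the rotated auth.log files returns only the sources whose bursts line up on the clock, so irregular failures from a person mistyping a password are not flagged.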

