
Continuous brute force attempt from own server !!!



Dear list,

I'm suffering from a very serious issue and seek guidance.

I have a Debian server running at my place, which is attached to a leased-line connection,
and I use this box as a gateway.
I administer a remote openSUSE Linux server through this Debian box, and I use the pubkey auth
mechanism to log into the remote Linux server.

On the remote Linux server, I can find a huge number of brute-force SSH attempts on different
ports and, surprisingly, the attempts are made with the same username that I actually use
to log into the remote box. Some of the messages from the log are below:

```
accepted public key from <username_of_my_local_box> from <WAN_IP_of_my_local_box> port 50574 ssh2
```

The attack is random, with a serially incrementing port number.
If I block the SSH connection limit through the firewall on the remote box, it actually blocks me from logging in any further.

Could anyone suggest what is happening on my local box?
A rootkit? A local box compromise? What is it?

Please suggest.
Thanks

