Dear list,

I'm suffering from a very serious issue and seek guidance.

I have a Debian server running at my place, which is attached to a leased
line connection, and I use this box as a gateway.
I administer a remote openSUSE Linux server through this Debian box, and I
use the pubkey auth mechanism to log into the remote Linux server.

At the remote Linux server, I can find huge brute-force SSH attempts at
different ports, and surprisingly the attempts are made with the same
username which I actually use to log into the remote box. Some of the
messages from the log are as below:

```
accepted public key from <username_of_my_local_box> from <WAN_IP_of_my_local_box> port 50574 ssh2
```

The attack is random, with a serial increment in the port number.
If I block the SSH connection limit through the firewall at the remote box, it
actually blocks me from logging in any further.

Could anyone suggest what is happening on my local box?
Rootkit? Local box compromise? What is it?

Please suggest.
Thanks

