Martin McCormick wrote:
Apr 6 05:49:42 dc sshd[12422]: input_userauth_request: illegal
user chuck
You get the idea. This goes on for 3 or 4 minutes and then
just stops for now. I can almost promise that later, another attack
will start from some other IP address and blaze away for a few
minutes.
I asked the same question a while ago.
Seems that there are some linux type worms out there, that use this
to target not well protected linux systems.???
I've build some swatch-rules that after two of these hits, I dump
the host into ifpw-deny space.
--WjW
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
