On Thu, Mar 19, 2009 at 10:19:37AM -0500, Paul Hartman wrote: > > In my ssh logs this morning I noticed a couple login attempts with > usenames on them... I've never seen that before. It is usually just an > IP address. > > Mar 18 20:19:48 [sshd] refused connect from postmas...@dns.cablecentro.net.co > Mar 18 23:42:44 [sshd] refused connect from 211.116.136.107 > Mar 18 23:44:44 [sshd] refused connect from > [u2fsdgvkx19g32yzvkmsqkl+mouwitiloicy4iq9oq...@211.116.136.107 > Mar 19 02:41:09 [sshd] refused connect from 221.194.128.66 > > weird... maybe the bad guys are up to something new.
It could be a try to a format string vulnerability or just a bot doing stupid and irrelevant things. I think you should ask to the guys on the openssh project. -- Nicolas Sebrecht
