On Sunday, 18 September 2005 16:40, Oleg Goldshmidt wrote: > > I see a lot of those in the log of my home machine. Basically, I have > ssh open and I connect to the machine myself when I am at work, > travelling, etc. I am typing this mail while connected via ssh. > > I figure that these entries are from blind and stupid attempts to > guess usename/password combination manually or automatically.
That's one possibility. Another possibility is that someone is running an automated vulnerability scanner (e.g. nessus) to look for weaknesses. Yet another possibility is that someone is targetting an attack against your machine (though the chances here are slim). If it's #1, you want to stop them before they brute-force a valid login (see GSM's example). If it's #2, you want to stop them before they find your SSH is vulnerable to one of these attacks: http://www.securiteam.com/cgi-bin/htsearch?words=ssh If it's #3, you want to block them for a while so that they get tired and go bother someone else. As for your own logins - blocking yourself for a while is a good way to condition yourself for typing passwords correctly. Also, there's always portknocking. -- - Aviram ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
