From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-43167-garchives=archives.gentoo.org@gentoo.org>)
	id 1FnI51-0006sI-DZ
	for garchives@archives.gentoo.org; Mon, 05 Jun 2006 16:37:27 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k55GZKRq014612;
	Mon, 5 Jun 2006 16:35:20 GMT
Received: from sysconcept.ca (103.205-206-12-0.interbaun.com [205.206.12.103] (may be forged))
	by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k55GTqXY030871
	for <gentoo-user@lists.gentoo.org>; Mon, 5 Jun 2006 16:29:52 GMT
Received: by sysconcept.ca (Postfix, from userid 1000)
	id F19452EB637; Mon,  5 Jun 2006 10:31:48 -0600 (MDT)
Subject: Re: [gentoo-user] SSH authentication attempts - serious issue
From: Joseph <syscon@interbaun.com>
To: gentoo-user@lists.gentoo.org
In-Reply-To: <5bc4c4570606050806w6497ae95x6164274b3cc33b3e@mail.gmail.com>
References: <5bc4c4570606050806w6497ae95x6164274b3cc33b3e@mail.gmail.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: Mon, 05 Jun 2006 10:31:48 -0600
Message-Id: <1149525108.20102.43.camel@sysconcept.ca>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
Mime-Version: 1.0
X-Mailer: Evolution 2.4.2.1 
X-Archives-Salt: 3582d3a4-0b0f-4d46-8cb1-17a4463a37fa
X-Archives-Hash: 95f4f74d3dd9b5f03d83e43db5094cf3

Try port knocking.  It is very effective.
Your ssh port will be closed until you successfully hit certain number
of ports and even though the ssh port will be open only to the IP
address that successfully opened the port all others will see ssh port
as closed.

-- 
#Joseph

On Mon, 2006-06-05 at 12:06 -0300, Leandro Melo de Sales wrote:
> Hi,
> 
>    today when I was checking the server log I got many external
> attempts to connect to my sshd service:
> 
> ...
> Jun  5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z
> Jun  5 05:09:46 embedded sshd[4742]: Invalid user barb from x.y.w.z
> Jun  5 05:09:48 embedded sshd[4744]: Invalid user barbie from x.y.w.z
> Jun  5 05:09:50 embedded sshd[4746]: Invalid user barbra from x.y.w.z
> Jun  5 05:09:51 embedded sshd[4748]: Invalid user barman from x.y.w.z
> Jun  5 05:09:53 embedded sshd[4750]: Invalid user barney from x.y.w.z
> ...

-- 
gentoo-user@gentoo.org mailing list