[SGVLUG] ssh breakins

Robert mrflash818 at geophile.net
Fri Aug 4 08:44:55 PDT 2006


Perhaps set your firewall such that no ssh connection attempts from
"dmisinetworks.net" will be allowed?

This is based on the assumption that no legit users login from that
domain....


> I thought when I switched to rsa these break in attempts would be
> discouraged.
> What more can I do?
>
>
> It has nothing of value to anyone other than the users. Messing it up
> would mess up one non-profit.
>
>
> --------------------- SSHD Begin ------------------------
>
>
> Failed logins from:
>     66.253.169.114 (mr-min-169-114.dmisinetworks.net): 14 times
>
> Illegal users from:
>     66.253.169.114 (mr-min-169-114.dmisinetworks.net): 24 times
>
>
> Received disconnect:
>     11: Bye Bye : 38 Time(s)
>
> **Unmatched Entries**
> Address 69.57.150.12 maps to server114.xl-server.org, but this does not
> map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 714 time(s)
>
>
>
>
>


-- 
"Knowledge is Power" -- Francis Bacon

Robert Leyva
mrflash818 at geophile.net



More information about the SGVLUG mailing list