auth.log showing attempted access

Yuelin Li liy12 at mskcc.org
Wed Aug 15 00:46:22 UTC 2007


I see many entries like this in /var/log/auth.log

sshd[15144]: Failed password for invalid user josh from ::ffff:89.123.234.25 port 2092 ssh2

How can I trace this computer's location?  More importantly, how can I
report this person to his/her ISP?  "host 89.123.234.25" showed that
this DNS entry can not be reversed.  Traceroute stops at
FR1-Frankfurt.teleglobe.net (80.231.64.6).  I have added iptables
rules (see http://www.debian-administration.org/articles/187) to try
to tighten SSH access.  I feel I should do something about it because
I get a few hundred entries a day coming from the same IP address.

Yuelin.
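
An added example, not part of the original message: one way to turn the sshd entries quoted above into per-source evidence (failure count and usernames tried) of the kind an abuse report would cite. The log timestamps, hostname, extra addresses (RFC 5737 documentation ranges) and the names `normalize` and `summarize` are constructed for this sketch.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the sshd format quoted in the message; only the
# address 89.123.234.25 comes from the post, the rest is made up.
SAMPLE_LOG = """\
Aug 14 20:41:03 host sshd[15144]: Failed password for invalid user josh from ::ffff:89.123.234.25 port 2092 ssh2
Aug 14 20:41:07 host sshd[15146]: Failed password for invalid user anna from ::ffff:89.123.234.25 port 2101 ssh2
Aug 14 20:41:11 host sshd[15148]: Failed password for root from 89.123.234.25 port 2110 ssh2
Aug 14 20:52:40 host sshd[15201]: Failed password for invalid user test from 192.0.2.7 port 40022 ssh2
Aug 14 21:03:15 host sshd[15230]: Accepted password for alice from 198.51.100.4 port 51515 ssh2
"""

# The user name is attacker-controlled and may itself contain " from ... port ...".
# The greedy (.*) plus the end-of-line anchor makes the LAST "from" on the line
# win, which is the one sshd wrote.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<addr>\S+) port \d+(?: ssh\d)?\s*$"
)

def normalize(addr):
    """Return the canonical source address; ::ffff:a.b.c.d becomes a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return str(ip)

def summarize(log_text):
    """Map each source address to (failure count, sorted user names tried)."""
    counts = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            src = normalize(m.group("addr"))
        except ValueError:
            continue  # not an IP literal (for example a resolved hostname)
        counts[src] += 1
        users[src].add(m.group("user"))
    return {ip: (n, sorted(users[ip])) for ip, n in counts.most_common()}

if __name__ == "__main__":
    for ip, (n, tried) in summarize(SAMPLE_LOG).items():
        print(f"{ip}\t{n} failures\tusers: {', '.join(tried)}")
```

The IPv4-mapped form (`::ffff:`) and the plain form are counted as one source, so the totals match what a `whois` lookup on the plain IPv4 address refers to.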

 





More information about the ubuntu-users mailing list