auth.log showing attempted access
Yuelin Li
liy12 at mskcc.org
Wed Aug 15 00:46:22 UTC 2007
I see many entries like this in /var/log/auth.log
sshd[15144]: Failed password for invalid user josh from::ffff:89.123.234.25 port 2092 ssh2
How can I trace this computer's location? More importantly, how can I
report this person to his/her ISP? "host 89.123.234.25" showed that
this DNS entry can not be reversed. Traceroute stops at
FR1-Frankfurt.teleglobe.net (80.231.64.6). I have added iptables
rules (see http://www.debian-administration.org/articles/187) to try
to tighten SSH access. I feel I should do something about it because
I get a few hundred entries a day coming from the same IP address.
Yuelin.
=====================================================================
Please note that this e-mail and any files transmitted with it may be
privileged, confidential, and protected from disclosure under
applicable law. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this
message to the intended recipient, you are hereby notified that any
reading, dissemination, distribution, copying, or other use of this
communication or any of its attachments is strictly prohibited. If
you have received this communication in error, please notify the
sender immediately by replying to this message and deleting this
message, any attachments, and all copies and backups from your
computer.
More information about the ubuntu-users
mailing list