auth.log showing attempted access
sktsee at tulsaconnect.com
Wed Aug 15 03:37:20 UTC 2007
On Tue, 2007-08-14 at 20:46 -0400, Yuelin Li wrote:
> I see many entries like this in /var/log/auth.log
> sshd: Failed password for invalid user josh from::ffff:220.127.116.11 port 2092 ssh2
> How can I trace this computer's location? More importantly, how can I
> report this person to his/her ISP? "host 18.104.22.168" showed that
> this DNS entry can not be reversed. Traceroute stops at
> FR1-Frankfurt.teleglobe.net (22.214.171.124). I have added iptables
> rules (see http://www.debian-administration.org/articles/187) to try
> to tighten SSH access. I feel I should do something about it because
> I get a few hundred entries a day coming from the same IP address.
$ whois 126.96.36.199
and go from there.
More information about the ubuntu-users