On Monday 13 March 2006 12:43, Dominik Składanowski wrote:
Hello list.
Today I saw something strange in logs one of my servers. Part of the /var/log/security:
Mar 12 15:01:03 server sshd[28505]: Invalid user abc from ::ffff:x.x.x.x Mar 12 15:01:03 server sshd[28503]: Invalid user ab from ::ffff:x.x.x.x Mar 12 15:01:03 server sshd[28507]: Invalid user abcd from ::ffff:x.x.x.x Mar 12 15:01:03 server sshd[28509]: Invalid user abcde from ::ffff:x.x.x.x Mar 12 15:01:03 server sshd[28511]: Invalid user abcdef from ::ffff:x.x.x.x Mar 12 15:01:04 server sshd[28515]: Invalid user abcdefgh from ::ffff:x.x.x.x Mar 12 15:01:04 server sshd[28513]: Invalid user abcdefg from ::ffff:x.x.x.x
"abcdefgh" is my username to the different machine in the other domain, x.x.x.x it's my workstation. Yesterday, I loged into machine where my login is "abcdefgh" from x.x.x.x. But not to the "server".
are you saying that you see failed logins to a server from you workstation with a username you use elsewhere? In that case (assuming that you're very certain you didn't do it by mistake) you may have a security problem.
/Peter
Anybody has an idea?
Regards
D o m i n i k S k ł a d a n o w s k i