[CentOS] Strange SSH login try.

Steve Huff shuff at vecna.org
Mon Mar 13 12:24:23 UTC 2006

On Mar 13, 2006, at 6:43 AM, Dominik Składanowski wrote:

> Hello list.
> Today I saw something strange in the logs of one of my servers. Part of
> /var/log/security:
> Mar 12 15:01:03 server sshd[28505]: Invalid user abc from ::ffff:x.x.x.x
> Mar 12 15:01:03 server sshd[28503]: Invalid user ab from ::ffff:x.x.x.x
> Mar 12 15:01:03 server sshd[28507]: Invalid user abcd from ::ffff:x.x.x.x
> Mar 12 15:01:03 server sshd[28509]: Invalid user abcde from ::ffff:x.x.x.x
> Mar 12 15:01:03 server sshd[28511]: Invalid user abcdef from ::ffff:x.x.x.x
> Mar 12 15:01:04 server sshd[28515]: Invalid user abcdefgh from ::ffff:x.x.x.x
> Mar 12 15:01:04 server sshd[28513]: Invalid user abcdefg from ::ffff:x.x.x.x
> "abcdefgh" is my username on a different machine in another
> domain, and x.x.x.x is my workstation. Yesterday, I logged into the machine
> where my login is "abcdefgh" from x.x.x.x, but not into the "server".
> Does anybody have an idea?

looks like a dictionary attack to me; i get these all the time,  
sometimes with sufficient intensity that they crash my gateway router  
(boo!).  these have been discussed recently on-list:

1) consider running sshd on a nonstandard port to dodge the bulk of this
2) consider using port knocking (i think i remember apf being one  
suggested package)
3) make sure you haven't enabled ssh login for any of the generic
account names they use, and make sure your passwords are strong


If this were played upon a stage now, I could condemn it as an  
improbable fiction. - Fabian, Twelfth Night, III,v
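
The check a defender might run over the log quoted in this thread, as an added example that is not part of the original post: it groups sshd "Invalid user" lines by source address, reports sources that tried many distinct usernames, and notes whether the names form a prefix chain (ab, abc, abcd, ...) as they do in the quoted log. The sample log, the documentation-range addresses, the threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the thread; addresses are
# documentation-range placeholders, not values from the post.
SAMPLE_LOG = """\
Mar 12 15:01:03 server sshd[28505]: Invalid user abc from ::ffff:192.0.2.10
Mar 12 15:01:03 server sshd[28503]: Invalid user ab from ::ffff:192.0.2.10
Mar 12 15:01:03 server sshd[28507]: Invalid user abcd from ::ffff:192.0.2.10
Mar 12 15:01:03 server sshd[28509]: Invalid user abcde from ::ffff:192.0.2.10
Mar 12 15:01:03 server sshd[28511]: Invalid user abcdef from ::ffff:192.0.2.10
Mar 12 15:01:04 server sshd[28515]: Invalid user abcdefgh from ::ffff:192.0.2.10
Mar 12 15:01:04 server sshd[28513]: Invalid user abcdefg from ::ffff:192.0.2.10
Mar 12 15:02:10 server sshd[28601]: Invalid user test from ::ffff:198.51.100.7
Mar 12 15:02:11 server sshd[28603]: Invalid user admin from ::ffff:198.51.100.7
Mar 12 15:05:00 server sshd[28700]: Accepted password for root from ::ffff:192.0.2.99
"""

# Greedy user match: the LAST " from " splits user and source, so a username
# that itself contains " from " cannot shift the address field.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>.*) from (?P<src>\S+)(?: port \d+)?$"
)

def parse_invalid_users(log_text):
    """Yield (source, username) for every sshd 'Invalid user' line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            src = m.group("src")
            if src.startswith("::ffff:"):  # IPv4-mapped form seen in the log
                src = src[len("::ffff:"):]
            yield src, m.group("user")

def summarize(log_text, threshold=5):
    """Report sources with at least `threshold` distinct invalid usernames."""
    users = defaultdict(set)
    for src, user in parse_invalid_users(log_text):
        users[src].add(user)
    report = {}
    for src, names in users.items():
        if len(names) >= threshold:
            ordered = sorted(names, key=len)
            # True when every name extends the previous one (ab, abc, ...)
            chain = all(b.startswith(a) for a, b in zip(ordered, ordered[1:]))
            report[src] = {"distinct_users": len(names),
                           "prefix_chain": chain, "longest": ordered[-1]}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```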
