2009/6/19 Cisco-Education <fabian at baladia.gov.kw>: > Dear All, > > I have the following setup running perfectly OK for a long time > > CentOS release 5 (Final) > sendmail-8.13.8-2.el5 > MailScanner 4.76.25 > bind-9.3.4-6.0.3.P1.el5_2 > > now i jus setup a centos box running BackupPC for backing up my my above > mail server using ssh as per the instructions in backup pc site > i had to enable sshd so i did it and > everthing works perfect and backup works great as per my requirement > > but i notice that when i do a > > tail -f /var/log/secure > > i see the followin very often > --------------------------- > Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78 > Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka > Jun 19 16:26:06 kmdns1 sshd[11074]: Received disconnect from > 87.118.122.78: 11: Bye Bye > Now both the Mail server and the backup pc server behind firewall and ssh > protocol is denied to the hosts in the DMZ zone > > jus wondering how a outside user could try to ssh to my mail server. > if i stop the sshd daemon i dont see any messages in my secure log file > > apprecite your addvice and help > > > regards > > Fabian > > > Most likely answer -- your FW is not actually blocking ssh connections to the servers from outside the DMZ. The source of the traffic is a routable address, if it doesn't match your ip space then your FW isn't working correctly. Brian