Gé Weijers wrote: > On Mon, Aug 13, 2012 at 9:01 AM, Leonard den Ottolander > <leonard at den.ottolander.nl> wrote: >> Hello Mark, >> >> On Mon, 2012-08-13 at 11:30 -0400, m.roth at 5-cent.us wrote: >>> Aug 10 17:44:56 <my server> sshd[12350]: Connection from >>> 114.113.199.142 port 511 871 >>> Aug 10 17:44:57 <my server> sshd[12341]: Received disconnect from >>> 114.113.199.144 2: 11: Bye Bye >> >> The above looks like someone connecting then disconnecting without even >> attempting a login. > > Some attack programs are too stupid to give up even if they find that > password and keyboard interactive authentication is turned off. One > kept trying for weeks. Then there are the ones who don't realize that, but are the low-flyers, that spend weeks trying to break in, but at the same time hit slowly, so that they won't be noticed by programs like fail2ban. mark