[nycbug-talk] Distributed ssh dictionary attacks

Jonathan jonathan at kc8onw.net
Tue Nov 25 19:19:15 EST 2008


Is anyone else seeing the usual ssh attacks go distributed?  I'm seeing
failed usernames from a large variety of address going by in a slow
alphabetical list.  I guess I will have to actually change ssh to an
alternate port to quiet the logs a bit :P  Anyone have any other
suggestions or is that the best workaround these days?

Thanks,
Jonathan

A short section of the log, covers about 30 minutes...
error: PAM: authentication error for illegal user charleen from
71.117.126.102
error: PAM: authentication error for illegal user charleen from
89.96.172.100
error: PAM: authentication error for illegal user charleigh from
200.141.223.99
error: PAM: authentication error for illegal user charleigh from
211.154.254.89
error: PAM: authentication error for illegal user charleigh from
211.154.128.158
error: PAM: authentication error for illegal user charlene from
122.224.128.222
error: PAM: authentication error for illegal user charles from
194.224.118.61
error: PAM: authentication error for illegal user charles from
195.234.169.138
error: PAM: authentication error for illegal user charlie from 62.61.141.93
error: PAM: authentication error for illegal user charlie from 79.188.238.50
error: PAM: authentication error for illegal user charlize from
218.248.79.251



More information about the talk mailing list