sequences in the auth.log
Craig Edwards
brain at winbot.co.uk
Fri Aug 13 10:33:08 PDT 2004
ive been getting this too on both my freebsd boxes, it seems to be an epidemic. i guess its some form of ssh scanner looking for open accounts with no passwords (or easily guessable passwords)?
Thanks,
Craig
>Hi all,
>I found similar sequences in the
<snip>
>165.21.103.20 port 39836 ssh2
>Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20
>Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57
>Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57
>
>What are these?
>
More information about the freebsd-security
mailing list