David Baron wrote: > Someone is trying to ssh on to my system. Trying on several ports. Not the > first time, either. Thankfully, he does not have a password. Besides a > bunch of Deprecated option ReverseMappingCheck, so far no harm done. > > Since my logs have this IP number, how do I find out who it is?
Not exactly answering your question. But I do see a lot of IPs performing dictionary attacks on my machine. What I do is go through /var/log/auth.log periodically and add the offending IPs to /etc/hosts.deny . That way, in future, the offending IPs cannot perform any dictionary attacks. I currently have around 85 IPs in this list (starting Apr 10, 2007) :-) You should also disable remote root logins to make the machine more secure. hth raju -- Kamaraju S Kusumanchi http://www.people.cornell.edu/pages/kk288/ http://malayamaarutham.blogspot.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
