I am seeing millions (literally) of these in the logs of my machines:

  sshd[30216]: Failed password for root from 203.71.62.9 port 35778 ssh2

I understand that this is some kind of virus, but it's not making me very happy because logcheck and some of our IDS systems are going haywire, creating streams of false alarms. Other than blacklisting the IPs (which is a race I am going to lose), what are people doing? Are there any distinctive marks in the SSH login attempt that one could filter on?

--
martin; (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" [EMAIL PROTECTED]

invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
spamtraps: [EMAIL PROTECTED]

"i wish there was a knob on the tv to turn up the intelligence. there's a knob called 'brightness', but it doesn't seem to work."
    -- gallagher
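
An added illustration, not part of the original post: one way to stop lines like the one quoted above from flooding a log checker is to collapse them into a single summary per source address and pass everything else through unchanged. The sample log lines (other than the address and line format taken from the post), the threshold of 3 and the function name `summarize` are assumptions made for this example.

```python
import re
from collections import Counter

# Matches OpenSSH's failed-password line, including the "invalid user" variant.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

# Constructed sample input; only the first line is modelled on the post.
SAMPLE = """\
Oct  3 04:12:01 host sshd[30216]: Failed password for root from 203.71.62.9 port 35778 ssh2
Oct  3 04:12:03 host sshd[30218]: Failed password for root from 203.71.62.9 port 35802 ssh2
Oct  3 04:12:05 host sshd[30221]: Failed password for invalid user admin from 203.71.62.9 port 35840 ssh2
Oct  3 04:13:10 host sshd[30300]: Failed password for alice from 192.0.2.17 port 50122 ssh2
Oct  3 04:13:20 host sshd[30301]: Accepted publickey for alice from 192.0.2.17 port 50130 ssh2
Oct  3 04:14:00 host cron[411]: (root) CMD (run-parts /etc/cron.hourly)
"""

def summarize(lines, threshold=3):
    """Return (one summary line per noisy source, all remaining lines).

    A source is "noisy" once it has at least `threshold` failed passwords
    (threshold is an assumed tuning value). Lines from quieter sources and
    all unrelated lines are passed through untouched for normal review.
    """
    parsed = [(line, FAILED.search(line)) for line in lines]
    per_ip = Counter(m["ip"] for _, m in parsed if m)
    users = {}
    for _, m in parsed:
        if m:
            users.setdefault(m["ip"], set()).add(m["user"])
    noisy = {ip for ip, n in per_ip.items() if n >= threshold}
    summary = [
        f"{ip}: {per_ip[ip]} failed passwords, users: {', '.join(sorted(users[ip]))}"
        for ip in sorted(noisy)
    ]
    passthrough = [line for line, m in parsed if not (m and m["ip"] in noisy)]
    return summary, passthrough

if __name__ == "__main__":
    summary, rest = summarize(SAMPLE.splitlines())
    print("\n".join(summary + rest))
```

A single failed login from a known user's address stays visible in the pass-through output, so an isolated event is not hidden by the aggregation.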