I'm using from long time ago DH on my Slackware GW. But from few versions to
last one I see somthing strange. This is conclusions from the LogWatch wich I'v
use too. Lets see the message from it:
--------------------- SSHD Begin ------------------------
Didn't receive an ident from these IPs:
194.150.121.42: 1 Time(s)
210.188.218.88: 1 Time(s)
211.75.63.196: 2 Time(s)
212.52.133.242: 1 Time(s)
222.128.249.121: 1 Time(s)
74-130-120-232.dhcp.insightbb.com (74.130.120.232): 1 Time(s)
80.96.76.4: 2 Time(s)
Failed logins from these:
adm/password from 210.188.218.88: 1 Time(s)
adm/password from 212.52.133.242: 1 Time(s)
bin/password from 210.188.218.88: 1 Time(s)
bin/password from 212.52.133.242: 1 Time(s)
bin/password from 74.130.120.232: 1 Time(s)
daemon/password from 210.188.218.88: 1 Time(s)
daemon/password from 212.52.133.242: 1 Time(s)
ftp/password from 210.188.218.88: 1 Time(s)
ftp/password from 211.75.63.196: 4 Time(s)
ftp/password from 212.52.133.242: 1 Time(s)
ftp/password from 74.130.120.232: 1 Time(s)
games/password from 210.188.218.88: 1 Time(s)
games/password from 212.52.133.242: 1 Time(s)
halt/password from 210.188.218.88: 1 Time(s)
halt/password from 212.52.133.242: 1 Time(s)
invalid user abc (password) from 211.75.63.196: 4 Time(s)
invalid user adam (password) from 210.188.218.88: 1 Time(s)
invalid user adam (password) from 212.52.133.242: 1 Time(s)
invalid user admin (password) from 194.150.121.42: 2 Time(s)
invalid user admin (password) from 210.188.218.88: 7 Time(s)
invalid user admin (password) from 211.75.63.196: 4 Time(s)
invalid user admin (password) from 212.52.133.242: 27 Time(s)
invalid user admin (password) from 74.130.120.232: 1 Time(s)
invalid user administrator (password) from 194.150.121.42: 2 Time(s)
invalid user administrator (password) from 210.188.218.88: 1 Time(s)
invalid user administrator (password) from 212.52.133.242: 1 Time(s)
invalid user admins (password) from 210.188.218.88: 2 Time(s)
invalid user admins (password) from 212.52.133.242: 2 Time(s)
invalid user ads (password) from 211.75.63.196: 4 Time(s)
...and many more lines like this.
So, DH punish hosts in "Didn't receive an ident from these IPs" and sent me an
e-mail. But the others ??? Real dictionary attacks?
Have someone same problem? Please, advise how to proceed.
Regards
Topper-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
