Hello, since this night I experience distributed SSH username/password guessing brute force attacks. Anyone seen something similar?
Up until this night always one host tried to guess username/password combinations until it got banned by fail2ban. But now I see in my logfiles: Oct 22 01:42:18 myhost sshd[2672]: error: PAM: Authentication failure for illegal user root from xxxx.de Oct 22 01:44:49 myhost sshd[2832]: error: PAM: Authentication failure for illegal user root from xxxx.85 Oct 22 01:47:16 myhost sshd[2981]: error: PAM: Authentication failure for illegal user root from xxxx.86 Oct 22 01:50:33 myhost sshd[3233]: error: PAM: Authentication failure for illegal user root from xxxx.ar Oct 22 01:52:38 myhost sshd[3307]: error: PAM: Authentication failure for illegal user root from xxxx.be Oct 22 01:55:34 myhost sshd[3551]: error: PAM: Authentication failure for illegal user root from xxxx.106 Oct 22 01:58:04 myhost sshd[3691]: error: PAM: Authentication failure for illegal user root from xxxx.11 Oct 22 02:00:44 myhost sshd[3999]: error: PAM: Authentication failure for illegal user root from xxxx.cl The time is CEST and the attacks are still ongoing. kind regards, Philipp _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/