On 1/10/08, Ken <[EMAIL PROTECTED]> wrote: <snip> > I never see anything like that, since my pf rules only allow me to ssh back > to home from my work IP range. > > In the space of about 15 minutes before I enabled pf all of the following > users were tried, probably > by an automated script: <snip>
It appears to just be some bot going around that masks itself under various IP's and nothing more intelligent. When I moved my SSH port to port 23 (via pf and a redirect), all of that stopped. While moving the SSH port doesn't help much against anyone running an nmap scan, it stops blind port 22 scans that run generic password hacks and filling your logs with crap, --Kenny