yesterday while debugging the RST thing, i also spotted a flood of these in the log. circa 17 attemps per minute, lasted for at least a couple of hours. here two example lines only: Sun Apr 22 18:42:33 2018 authpriv.warn dropbear[29515]: Bad password attempt for 'root' from 78.41.112.151:44084 Sun Apr 22 19:02:29 2018 authpriv.warn dropbear[30205]: Login attempt for nonexistent user from 78.41.112.151:47361
i'm pretty used to seeing that kind of bruteforce attempts "from the wild" out in the internet, but in this particular case, that ip resolves to public.metalab.wien.funkfeuer.at possibly just someone experimenting at the metalab (seems to have stopped today). but reporting just in case. -- Wien mailing list [email protected] https://lists.funkfeuer.at/mailman/listinfo/wien
