[PLUG] No ssh cracking attempts?

Denis Heidtmann denis.heidtmann at gmail.com
Tue Dec 23 16:12:24 UTC 2014


On Tue, Dec 23, 2014 at 7:51 AM, Rich Shepard <rshepard at appl-ecosys.com>
wrote:

>    Last Thursday or Friday the daily log reports showed fewer cracking
> attempts via ssh. The number (and types) decreased over the weekend and
> today there's nothing. Historically, there are hundreds to tens-of-thousands
> probes each day attempting to use ssh to enter my network. Not seeing any is
> an issue needing resolution.
>
>    I wonder if this might be related to the DNS change that separates
> appl-ecosys.com (the web site name hosted at my ISP) from
> mail.appl-ecosys.com hosted here with the ever-changing dynamic IP address.
>
>    The oldest syslog has multiple entries (different times) of this type:
>
> /var/log/syslog.4:Dec 19 09:44:33 salmo sshd[23988]: warning: /etc/hosts.allow, line 10: host name/name mismatch: dedic530.hidehost.net != hidehost.net
> /var/log/syslog.4:Dec 19 09:44:34 salmo sshd[23988]: fatal: Unable to negotiate a key exchange method [preauth]
>
>    That line was: ALL: LOCAL @appl-ecosys.com : allow
> and I just changed that to ALL: LOCAL @salmo.appl-ecosys.com : allow
>
>    My Web searches found nothing useful; probably poor search terms on my
> part. Your suggestions and advice on how to diagnose what changed, and fix
> it if it needs fixing, are needed.
>
> TIA,
>
> Rich

North Korea has been off-line recently.

-Denis


