[PLUG] No ssh cracking attempts?
Denis Heidtmann
denis.heidtmann at gmail.com
Tue Dec 23 16:12:24 UTC 2014
On Tue, Dec 23, 2014 at 7:51 AM, Rich Shepard <rshepard at appl-ecosys.com> wrote:
> Last Thursday or Friday the daily log reports showed fewer cracking
> attempts via ssh. The number (and types) decreased over the weekend and
> today there's nothing. Historically, there are hundreds to tens-of-thousands
> probes each day attempting to use ssh to enter my network. Not seeing any is
> an issue needing resolution.
>
> I wonder if this might be related to the DNS change that separates
> appl-ecosys.com (the web site name hosted at my ISP) from
> mail.appl-ecosys.com hosted here with the ever-changing dynamic IP address.
>
> The oldest syslog has multiple entries (different times) of this type:
>
> /var/log/syslog.4:Dec 19 09:44:33 salmo sshd[23988]: warning: /etc/hosts.allow, line 10: host name/name mismatch: dedic530.hidehost.net != hidehost.net
> /var/log/syslog.4:Dec 19 09:44:34 salmo sshd[23988]: fatal: Unable to negotiate a key exchange method [preauth]
>
> That line was: ALL: LOCAL @appl-ecosys.com : allow
> and I just changed that to ALL: LOCAL @salmo.appl-ecosys.com : allow
>
> My Web searches found nothing useful; probably poor search terms on my
> part. Your suggestions and advice on how to diagnose what changed, and fix
> it if it needs fixing, are needed.
>
> TIA,
>
> Rich
>
> North Korea has been off-line recently.
-Denis
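
An added example, not part of the original posts: a small Python tally of sshd syslog entries per day and category, for pinpointing the day the probes stopped and which kinds disappeared first. The first two sample lines are the ones quoted above; the remaining lines, the category names and the helper names are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Optional "file:" prefix (as in grep output), then the classic syslog header.
LINE = re.compile(
    r"^(?:(?P<file>/[^:\s]+):)?"
    r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+\d\d:\d\d:\d\d\s+"
    r"(?P<host>\S+)\s+sshd\[\d+\]:\s+(?P<msg>.*)$"
)

# Category names are assumptions made for this example.
CATEGORIES = [
    ("wrappers_mismatch", re.compile(r"hosts\.allow.*host name/name mismatch")),
    ("kex_failure", re.compile(r"Unable to negotiate a key exchange method")),
    ("auth_failure", re.compile(r"Failed password|Invalid user")),
]

# Lines 1-2 are quoted in the post; lines 3-5 are constructed sample data.
SAMPLE = [
    "/var/log/syslog.4:Dec 19 09:44:33 salmo sshd[23988]: warning: /etc/hosts.allow, line 10: host name/name mismatch: dedic530.hidehost.net != hidehost.net",
    "/var/log/syslog.4:Dec 19 09:44:34 salmo sshd[23988]: fatal: Unable to negotiate a key exchange method [preauth]",
    "Dec 20 03:11:02 salmo sshd[24101]: Failed password for invalid user admin from 192.0.2.10 port 40022 ssh2",
    "Dec 20 03:11:05 salmo sshd[24101]: Invalid user test from 192.0.2.10",
    "Dec 21 04:00:01 salmo cron[300]: (root) CMD (run-parts /etc/cron.daily)",
]

def classify(msg):
    """Return the first matching category name, or 'other'."""
    for name, pattern in CATEGORIES:
        if pattern.search(msg):
            return name
    return "other"

def tally(lines):
    """Count sshd entries per (month, day) and category; skip non-sshd lines."""
    per_day = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            per_day[(m["mon"], int(m["day"]))][classify(m["msg"])] += 1
    return per_day

def quiet_days(per_day, days):
    """Days from the ordered list `days` that have no sshd entries at all."""
    return [d for d in days if not per_day.get(d)]

if __name__ == "__main__":
    counts = tally(SAMPLE)
    print(dict(counts))
    print(quiet_days(counts, [("Dec", d) for d in range(19, 24)]))
```

A day that is quiet for sshd but still has entries from other daemons means logging itself is working, so the absence is on the sshd side rather than in syslog.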