I was shocked when I looked at /var/log/secure.1 on my machine yesterday,
and I saw a large number (about 20 per day) of entries like this:
=========================================
Oct 15 23:49:42 alfred sshd[26028]: Failed password for illegal user iceuser from 200.55.41.105 port 42540 ssh2
Oct 15 23:49:49 alfred sshd[26032]: Illegal user horde from 200.55.41.105
Oct 15 23:49:51 alfred sshd[26032]: Failed password for illegal user horde from 200.55.41.105 port 42638 ssh2
Oct 15 23:49:59 alfred sshd[26036]: Illegal user cyrus from 200.55.41.105
=========================================
(I didn't even know this logfile existed until my filesystem filled up
and I had to find what was causing it)
Are these really nasty people who should be sent to Guantanamo Bay?
Or are they just harmless computer science students?
Will they be able to get past my firewall?
(I'm running the standard shorewall setup.)
According to "whois 200.55.41.105" these guys are in Argentina.
Is that true?
What is the best way to find out?
--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
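
Added example (not part of the original post): a small Python summarizer for sshd entries of the kind quoted above, grouping them by source address so repeated username guessing from one host stands out. The function names and the one extra log line are constructed for illustration.

```python
import re
from collections import defaultdict

# "illegal user" is the wording in the excerpt; later OpenSSH releases log
# "invalid user", so both are accepted. Usernames are attacker-controlled text,
# so each pattern is anchored at the end of the line and the source address is
# taken from the LAST " from ", not the first.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for "
                    r"(?:(?:illegal|invalid) user )?(.+) from (\S+) port \d+ ssh2$")
UNKNOWN = re.compile(r"sshd\[\d+\]: (?:Illegal|Invalid) user (.+) "
                     r"from (\S+)(?: port \d+)?$")

def summarize(lines):
    """Return {source_ip: {"failed": count, "users": usernames tried}}."""
    stats = defaultdict(lambda: {"failed": 0, "users": set()})
    for line in lines:
        line = line.rstrip()
        failed = FAILED.search(line)
        match = failed or UNKNOWN.search(line)
        if not match:
            continue  # unrelated log line
        user, ip = match.groups()
        stats[ip]["users"].add(user)
        if failed:
            stats[ip]["failed"] += 1
    return dict(stats)

def guessing_sources(stats, min_users=3):
    """Sources that tried at least min_users distinct usernames."""
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_users)

# The five entries quoted in the post (unwrapped), plus one constructed entry
# whose username itself contains " from <address>".
SAMPLE = [
    "Oct 15 23:49:42 alfred sshd[26028]: Failed password for illegal user iceuser from 200.55.41.105 port 42540 ssh2",
    "Oct 15 23:49:49 alfred sshd[26032]: Illegal user horde from 200.55.41.105",
    "Oct 15 23:49:51 alfred sshd[26032]: Failed password for illegal user horde from 200.55.41.105 port 42638 ssh2",
    "Oct 15 23:49:59 alfred sshd[26036]: Illegal user cyrus from 200.55.41.105",
    "Oct 15 23:50:03 alfred sshd[26040]: Illegal user x from 192.0.2.1 from 200.55.41.105",
]

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, "failed passwords:", s["failed"], "users:", sorted(s["users"]))
```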