Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Login attempts on impossible ports
- Guillaume Dargaud
May 30, 2013, 9:48 am
rate this thread
I have plenty of such messages in my /var/log/auth.log:
mysystem sshd: Failed password for root from 18.104.22.168 port 47968
With all kind of 5-digit ports.
This machine is behind a NAT with only one redirected port.
What is going on ? How come those ports are being reached by an attacker ?
Why is sshd even listening on that port ?!? Or am I reading the log wrong ?
- Dag-Erling SmÃ¸rgrav
May 30, 2013, 11:30 am
Re: Login attempts on impossible ports
You may want to look at the /etc/hosts.allow file.
list all that you want to take ssh from, and deny the rest.
sshd : 22.214.171.124 : allow
sshd : ALL : deny
ALL : ALL : deny
line at the end.
That blocks all unwanted sessions at the network level
- » question about putty logs with exec channel requests's
- — Previous thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum