That seems... unlikely. I have had thousands of unique IPs hit some of my hosts, many to never repeat after a round of attacks. The more plausible route is that they have a botnet of pwned boxes numbering in the hundreds of thousands and they just use them for random dictionary attacks. Once the dictionary attack is done (completely failed), they move on. One lesson to learn from this, though, is to NEVER allow name+password based logins over the Internet. If you open up port 22 to the world, then make sure you restrict logins to SSH key only. Most importantly: PasswordAuthentication no If a million monkeys can write the works of Shakespeare, then a million compromised zombies can eventually crack all of your passwords, too! On 5/9/09 8:17 PM, Lisa Kachold wrote: > Be afraid, very afraid! > > You must put that IP in your firewall! > > There's a good chance they already go in, if you didn't put in iptables > brute force controls? > > On Sat, May 9, 2009 at 5:39 PM, Andrew "Tuna" Harris > > wrote: > > Helloes. > > Yes, another thread about the Chinese. > > Okayso over the past couple days I've been seeing things like this: > > /var/log/messages:May 9 11:00:10 (none) sshd[688]: Connection from > 200.111.157.187 port 51751 > /var/log/messages:May 9 11:00:10 (none) sshd[688]: Did not receive > identification string from 200.111.157.187 > > And then I don't hear from that ip ever again. What's going on here? Did > the script that all those kiddies are using break? Should I be more > concerned? --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss