server listening on port 22 and attempted logins from an unauthorized user
I was looking through my system logs and /var/log/auth.log shows this
Mar 2 05:57:47 localhost sshd[3634]: Server listening on :: port 22.
... here is just me logging in and out of root
Mar 2 06:43:36 localhost sshd[7302]: Did not receive identification string from ::ffff:218.38.14.208
Mar 2 06:53:37 localhost sshd[7422]: Illegal user jordan from ::ffff:218.38.14.208
... about 90 attempts using different user names
Mar 2 06:56:43 localhost sshd[7638]: Illegal user vip from ::ffff:218.38.14.208
I don't know 218.38.14.208, I did a traceroute and discovered that it was not on the campus network that I'm on. I find it unusual to get this attack since I'm just using my computer as a simple desktop.
I set up a firewall to block port 22. I changed my password too. Ever since this incident I get the "Server listening on :: port 22" message. I looked around on the internet and this is apparently harmless, but I'm worried since it started reporting this the day I got these attempted logins.
So my questions are: does this recurring message of a server listening on port 22 suggest something fishy? How do I disable remote logins? What things can I do to protect myself from this?
Last edited by kevinlyfellow; 03-04-2005 at 11:49 PM.
|