LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-04-2005, 11:46 PM   #1
kevinlyfellow
Member
 
Registered: Sep 2003
Distribution: Ubuntu 5.10
Posts: 56

Rep: Reputation: 15
server listening on port 22 and attempted logins from an unauthorized user


I was looking through my system logs and /var/log/auth.log shows this

Mar 2 05:57:47 localhost sshd[3634]: Server listening on :: port 22.
... here is just me logging in and out of root
Mar 2 06:43:36 localhost sshd[7302]: Did not receive identification string from ::ffff:218.38.14.208
Mar 2 06:53:37 localhost sshd[7422]: Illegal user jordan from ::ffff:218.38.14.208
... about 90 attempts using different user names
Mar 2 06:56:43 localhost sshd[7638]: Illegal user vip from ::ffff:218.38.14.208

I don't know 218.38.14.208, I did a traceroute and discovered that it was not on the campus network that I'm on. I find it unusual to get this attack since I'm just using my computer as a simple desktop.

I set up a firewall to block port 22. I changed my password too. Ever since this incident I get the "Server listening on :: port 22" message. I looked around on the internet and this is apparently harmless, but I'm worried since it started reporting this the day I got these attempted logins.

So my questions are: does this recurring message of a server listening on port 22 suggest something fishy? How do I disable remote logins? What things can I do to protect myself from this?

Last edited by kevinlyfellow; 03-04-2005 at 11:49 PM.
 
Old 03-04-2005, 11:52 PM   #2
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
Is sshd running? The ssh daemon usually runs on port 22. Do a ps aux and see if it is currently running. If it is you probably need to remove it from your init scripts.

SSH is secure however, so it is pretty doubtful anyone is going to break in that way.
 
Old 03-24-2005, 10:41 PM   #3
kevinlyfellow
Member
 
Registered: Sep 2003
Distribution: Ubuntu 5.10
Posts: 56

Original Poster
Rep: Reputation: 15
Sorry for the long wait, been very busy lately... sshd is running, but I've decided that I'm not going to worry about it. It seems to be a freak thing and your right, they won't be able to guess their way through... But it is a little scary to see that in my logs
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
unauthorized client cant access my DHCP server selfnet Linux - Networking 2 04-28-2005 05:21 AM
attempted logins and shutdowns on tty1 tw001_tw Linux - Security 7 08-03-2004 08:29 PM
Suse Standard Server wont accpet user logins pshepperd Linux - Software 2 01-13-2004 03:19 PM
How to change listening port of echo server [RH9]? immer Linux - Networking 5 11-29-2003 04:30 PM
X server crashing - port listening time112852 Linux - Software 9 10-06-2003 12:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration