It's pretty obvious, especially when the login attempts are serial...
Sep 13 20:41:07 localhost xinetd[296]: START: ssh pid=1669 from=64.246.26.9
Sep 13 20:41:12 localhost sshd[1669]: Illegal user test from 64.246.26.9
Sep 13 20:41:12 localhost xinetd[296]: service ssh, IPV6_ADDRFORM setsockopt() failed: Protocol not available (errno = 42)
Sep 13 20:41:12 localhost xinetd[296]: START: ssh pid=1671 from=64.246.26.9
Sep 13 20:41:14 localhost sshd[1669]: reverse mapping checking getaddrinfo for ev1s-64-246-26-9.ev1servers.net failed - POSSIBLE BREAKIN ATTEMPT!
Sep 13 20:41:14 localhost sshd[1671]: Illegal user guest from 64.246.26.9
Sep 13 20:41:15 localhost xinetd[296]: service ssh, IPV6_ADDRFORM setsockopt() failed: Protocol not available (errno = 42)
----- In Response To -----
Hi,
I don't have any indications of such hacking activity, probably because
I use Mac OSX's built-in software firewall. I suppose it would be
obvious? What are the messages that make you think you're being
guessed at? Something like "attempt to log in as root failed due to
too many attempts?
Just curious about what's out there. Thanks.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Scitech mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/scitech/email@hidden
This email sent to email@hidden
