bruce bruce
2010-May-14 04:53 UTC
[asterisk-users] Do you think my server is being attacked?
Hello Everyone, Are these indications of attacks on this system? I specifically have port 22 disabled at all times and only port forward it to server when I access SSH for a minute or so. Shouldn't UNKNOWN be an actual IP address? */var/log/secure:* May 14 00:35:39 pbx sshd[9011]: Did not receive identification string from UNKNOWN May 14 00:36:09 pbx sshd[9040]: Did not receive identification string from UNKNOWN May 14 00:36:39 pbx sshd[9075]: Did not receive identification string from UNKNOWN May 14 00:37:10 pbx sshd[9102]: Did not receive identification string from UNKNOWN May 14 00:37:40 pbx sshd[9139]: Did not receive identification string from UNKNOWN May 14 00:38:11 pbx sshd[9166]: Did not receive identification string from UNKNOWN May 14 00:38:41 pbx sshd[9195]: Did not receive identification string from UNKNOWN May 14 00:39:11 pbx sshd[9230]: Did not receive identification string from UNKNOWN May 14 00:39:42 pbx sshd[9250]: Did not receive identification string from UNKNOWN May 14 00:40:13 pbx sshd[9294]: Did not receive identification string from UNKNOWN May 14 00:40:44 pbx sshd[9329]: Did not receive identification string from UNKNOWN May 14 00:41:14 pbx sshd[9366]: Did not receive identification string from UNKNOWN May 14 00:41:44 pbx sshd[9401]: Did not receive identification string from UNKNOWN May 14 00:42:18 pbx sshd[9437]: Did not receive identification string from UNKNOWN May 14 00:42:48 pbx sshd[9457]: Did not receive identification string from UNKNOWN May 14 00:43:19 pbx sshd[9492]: Did not receive identification string from UNKNOWN May 14 00:43:49 pbx sshd[9521]: Did not receive identification string from UNKNOWN May 14 00:44:20 pbx sshd[9564]: Did not receive identification string from UNKNOWN May 14 00:44:50 pbx sshd[9600]: Did not receive identification string from UNKNOWN May 14 00:45:20 pbx sshd[9636]: Did not receive identification string from UNKNOWN May 14 00:45:51 pbx sshd[9663]: Did not receive identification string from UNKNOWN May 14 00:46:21 pbx sshd[9692]: Did not receive identification string from UNKNOWN May 14 00:46:51 pbx sshd[9721]: Did not receive identification string from UNKNOWN May 14 00:47:21 pbx sshd[9756]: Did not receive identification string from UNKNOWN May 14 00:47:52 pbx sshd[9792]: Did not receive identification string from UNKNOWN Thanks, Bruce -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100514/2dd711e7/attachment.htm
Steve Edwards
2010-May-14 05:18 UTC
[asterisk-users] Do you think my server is being attacked?
On Fri, 14 May 2010, bruce bruce wrote:> Are these indications of attacks on this system? I specifically have > port 22 disabled at all times and only port forward it to server when I > access SSH for a minute or so. Shouldn't UNKNOWN be an actual IP > address? > > /var/log/secure: > > May 14 00:35:39 pbx sshd[9011]: Did not receive identification string from UNKNOWN > May 14 00:36:09 pbx sshd[9040]: Did not receive identification string from UNKNOWNNot an Asterisk question. If you had asked Google, you may have seen (second result from my Google query) a post ("http://www.freepbx.org/v2/ticket/3461") about FreePBX scanning port 22 every thirty seconds. Maybe this is what you are seeing. -- Thanks in advance, ------------------------------------------------------------------------- Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000