From: Mij <mi...@bi...> - 2007-10-23 15:24:29
On 20/Oct/07, at 18:49, Forrest Aldrich wrote:

> sshguard is not catching failed password attempts for "valid" users:
>
> Oct 20 10:10:56 gw sshd[86897]: Failed password for root from 80.93.212.74 port 53760 ssh2
> Oct 20 10:10:57 gw sshd[86899]: Failed password for root from 80.93.212.74 port 53839 ssh2
> Oct 20 10:10:59 gw sshd[86901]: Failed password for root from 80.93.212.74 port 53913 ssh2
> Oct 20 10:11:01 gw sshd[86903]: Failed password for root from 80.93.212.74 port 53985 ssh2
> Oct 20 10:11:02 gw sshd[86918]: Failed password for root from 80.93.212.74 port 54060 ssh2
> Oct 20 10:11:04 gw sshd[86920]: Failed password for root from 80.93.212.74 port 54146 ssh2
> Oct 20 10:11:05 gw sshd[86922]: Failed password for root from 80.93.212.74 port 54217 ssh2
> Oct 20 10:11:07 gw sshd[86924]: Invalid user administrator from 80.93.212.74
> Oct 20 10:11:07 gw sshd[86924]: Failed password for invalid user administrator from 80.93.212.74 port 54290 ssh2
> Oct 20 10:11:09 gw sshd[86926]: Invalid user administrator from 80.93.212.74
> Oct 20 10:11:09 gw sshd[86926]: Failed password for invalid user administrator from 80.93.212.74 port 54369 ssh2
> Oct 20 10:11:10 gw sshd[86928]: Invalid user administrator from 80.93.212.74
> Oct 20 10:11:10 gw sshd[86928]: Failed password for invalid user administrator from 80.93.212.74 port 54444 ssh2
> Oct 20 10:11:12 gw sshd[86930]: Invalid user administrator from 80.93.212.74
> Oct 20 10:11:12 gw sshguard[85248]: Blocking 80.93.212.74: X failures over X seconds.
>
> But it catches an invalid user. It should be especially sensitive
> of the failed root password attempts. Even though I do not allow
> root logins.

This is strange. Would you try running sshguard in debug mode (-d), inject the "failed password" strings and see if sshguard reacts (it should) and when it gets to 4 failed attempts, if it runs the blocking command (it should) and if it fails what it tells
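
Added example, not part of the original thread and not sshguard's code: a small Python replay of the quoted log that reports when a source address reaches the 4-failure threshold mentioned in the reply, under two different sets of match rules. The regexes and the function name `first_threshold_hit` are assumptions made for this sketch; they are not sshguard's own grammar.

```python
import re

# Log lines copied from the quoted report above, one event per line.
LOG = """\
Oct 20 10:10:56 gw sshd[86897]: Failed password for root from 80.93.212.74 port 53760 ssh2
Oct 20 10:10:57 gw sshd[86899]: Failed password for root from 80.93.212.74 port 53839 ssh2
Oct 20 10:10:59 gw sshd[86901]: Failed password for root from 80.93.212.74 port 53913 ssh2
Oct 20 10:11:01 gw sshd[86903]: Failed password for root from 80.93.212.74 port 53985 ssh2
Oct 20 10:11:02 gw sshd[86918]: Failed password for root from 80.93.212.74 port 54060 ssh2
Oct 20 10:11:04 gw sshd[86920]: Failed password for root from 80.93.212.74 port 54146 ssh2
Oct 20 10:11:05 gw sshd[86922]: Failed password for root from 80.93.212.74 port 54217 ssh2
Oct 20 10:11:07 gw sshd[86924]: Invalid user administrator from 80.93.212.74
Oct 20 10:11:07 gw sshd[86924]: Failed password for invalid user administrator from 80.93.212.74 port 54290 ssh2
Oct 20 10:11:09 gw sshd[86926]: Invalid user administrator from 80.93.212.74
Oct 20 10:11:09 gw sshd[86926]: Failed password for invalid user administrator from 80.93.212.74 port 54369 ssh2
Oct 20 10:11:10 gw sshd[86928]: Invalid user administrator from 80.93.212.74
Oct 20 10:11:10 gw sshd[86928]: Failed password for invalid user administrator from 80.93.212.74 port 54444 ssh2
Oct 20 10:11:12 gw sshd[86930]: Invalid user administrator from 80.93.212.74
Oct 20 10:11:12 gw sshguard[85248]: Blocking 80.93.212.74: X failures over X seconds.
"""

# Hypothetical patterns for this sketch (assumption, not sshguard's parser).
FAILED_PW = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user \S+ from (\S+)$")

def first_threshold_hit(log, patterns, threshold=4):
    """Map each source IP to the timestamp of the line where it reaches `threshold` matches."""
    counts, reached = {}, {}
    for line in log.splitlines():
        for pat in patterns:
            m = pat.search(line)
            if m:
                ip = m.group(1)
                counts[ip] = counts.get(ip, 0) + 1
                if counts[ip] == threshold:
                    reached[ip] = line[:15]  # syslog timestamp, e.g. "Oct 20 10:10:56"
                break  # count a line once even if several patterns match
    return reached

if __name__ == "__main__":
    # With "Failed password" lines counted, the threshold is reached on the 4th root failure.
    print("both rules:       ", first_threshold_hit(LOG, [FAILED_PW, INVALID_USER]))
    # With only "Invalid user" lines counted, it is reached at the time of the Blocking line.
    print("invalid-user only:", first_threshold_hit(LOG, [INVALID_USER]))
```

Comparing the two timestamps against the `Blocking` line in a debug-mode run shows which of the injected lines the running instance actually counted.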