I have a server running 9.1-RELEASE-p10. Periodically I get what appear to be brute-force attacks, based on /var/log/auth.log entries. There seems to be no attempt to authenticate, however, because I don't have any PAM authentication errors in my system logs. In fact, I don't think I've ever seen PAM authentication errors from unknown IP addresses, but I do see "Invalid user" quite frequently. I've considered that they might be collecting statistics regarding prompt latencies so that they have a better idea of whether or not they're using valid usernames. It could also be that they're only attempting to use private keys. Am I missing something here?
Thanks!
Kevin Barry
Thanks!
Kevin Barry