Hi,
For a few days now I have had very long logs of auth failures on sshd.
I'm running sshguard to block incoming connections for 24 hours after 2 failures and it was ok until now.
It really looks like a distributed attack, but there's something strange: they are all trying to bruteforce the root account... Really it doesn't make sense... Or am I missing something? Are they trying to fill my log partition (3 Gb free)? To fill my pf table until I'm running out of memory (2 Gb of virgin swap space)? Something else? Or are they just really stupid?
Thanks for your suggestions.