Re: Tons of sshd-related messages in my log files

From: David (thunderbolt01@netscape.net)
Date: 02/23/03


From: David <thunderbolt01@netscape.net>
Date: Sun, 23 Feb 2003 01:33:15 GMT

Carlos Moreno wrote:
>
> Hi,
>
> I know I tend to be over-paranoid sometimes, but I'm
> wondering if I should go to "red alert" mode right
> now.
>
> I'm checking the files /var/log/secure and secure.*,
> and I see *tons* of messages related to sshd, but I
> don't know if those are indications of break-ins, or
> simply unsuccessful attempts to hack into my machine.
>
> The machine is a RedHat 7.3 (haven't applied any
> patches :-( )

Like to live life on the edge I see.
There are updates for OpenSSH on Red Hat's updates FTP server so
without more info it would be hard to tell if the system has been
compromised (CRACKED) or not. I would suggest you get "chkrootkit"
and see if it finds anything. But if you aren't going to update your
system you will eventually cause yourself problems.

www.chkrootkit.org

Best of luck!!

-- 
Confucius:  He who play in root, eventually kill tree.
Registered with the Linux Counter.  http://counter.li.org
Slackware 9.0-beta Linux 2.4.20tbls i686 (GCC) 3.2.2
Uptime: 3 days, 3:36, 1 user, load average: 1.04, 1.05, 1.07
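
For the question quoted above (telling failed attempts from real logins in /var/log/secure), here is an added example that is not part of either poster's message. It assumes the usual OpenSSH syslog wording ("Failed password for ...", "Accepted password for ..."); the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not from the post).
SAMPLE = """\
Feb 22 03:10:01 host sshd[811]: Failed password for root from 192.0.2.10 port 4021 ssh2
Feb 22 03:10:04 host sshd[813]: Failed password for root from 192.0.2.10 port 4022 ssh2
Feb 22 03:10:09 host sshd[815]: Failed password for illegal user test from 192.0.2.10 port 4023 ssh2
Feb 22 03:10:15 host sshd[817]: Accepted password for root from 192.0.2.10 port 4024 ssh2
Feb 22 09:00:00 host sshd[901]: Accepted password for carlos from 198.51.100.7 port 1022 ssh2
Feb 22 11:30:00 host sshd[950]: Failed password for carlos from 203.0.113.5 port 3333 ssh2
Feb 22 11:31:00 host sshd[951]: Did not receive identification string from 203.0.113.5
"""

# Matches authentication results only; older sshd versions write "illegal user",
# newer ones "invalid user", before an unknown account name.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(lines, threshold=3):
    """Per source IP, count failures and record successes in log order."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": [], "suspicious": []})
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # banners, probes, unrelated messages
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failed"] += 1
        else:
            s["accepted"].append(m["user"])
            # A success that follows repeated failures from the same address
            # is the pattern to investigate first.
            if s["failed"] >= threshold:
                s["suspicious"].append(m["user"])
    return dict(stats)

def report(stats):
    """Return (ip, failed, accepted_users, suspicious_users), worst first."""
    rows = [(ip, s["failed"], s["accepted"], s["suspicious"]) for ip, s in stats.items()]
    return sorted(rows, key=lambda r: (bool(r[3]), r[1]), reverse=True)

if __name__ == "__main__":
    for ip, failed, accepted, suspicious in report(triage(SAMPLE.splitlines())):
        flag = "INVESTIGATE" if suspicious else "ok"
        print(f"{ip:15} failed={failed:<3} accepted={accepted} {flag}")
```

A log with only failures is consistent with unsuccessful attempts, but it does not rule out a compromise: an exploited sshd bug need not leave an "Accepted" line, and an intruder with root can edit the log.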