Crack attempt

[Brian Densmore]

> -----Original Message-----
> From: Dustin Decker 
> 
> Immediately after I replied to your earlier post, I thought 
> to myself, "I
> really aught to ask Brian what the traffic looked like."  If 
> it's UDP, I'd
> almost wholesale expect it is spoofed.  Same applies to ICMP, 
> but if you're
> looking at genuine TCP traffic, with an established 
> three-way-handshake,
> it's a different story.  (If you're working solely on the 
> basis of what you
> find in syslog and the like, you might not be able to answer 
> the question
> either. [Insert soapbox about logging all packets that 
> traverse the border
> here.])
> 
Should definitely be TCP traffic. Attempts to log in via ssh from
various ports. I don't think there's a port over 1024 on my
system he/she left untouched. There may have been other ports/
services that were attempted, but they would have been dropped as 
part of the firewall rules. Not sure if I'm logging all the 
various ports/services such as ftp,etc. Don't want to open my
server up to too easy of a DOS attack, so I basically ignore
the impossible services.