troubleshooting Question

OpenSSH Port Mystery

Avatar of fvillena
fvillena asked on
Anti-Virus AppsWeb Servers
3 Comments1 Solution505 ViewsLast Modified:
Hi,

I have OpenSSH operating on a Windows 2003 Server and recently we noticed that we where receiving brute force login attempts.

I saw that OpenSSH uses port 22 so we locked down access to the server via this port to a limited number of IP Addresses.

However we are still receiving login attempts as the below event log shows

The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: sshd : PID 2416 : Failed password for illegal user mike from 79.125.35.214 port 49919 ssh2.

At first I thought our ISP hadn't configured the firewall rule correctly but if I try to telent port 22 from an unlisted IP address the server correctly refuses the connection.

Any ideas?

Thanks in advance
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 3 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros