I have OpenSSH operating on a Windows 2003 Server and recently we noticed that we where receiving brute force login attempts.
I saw that OpenSSH uses port 22 so we locked down access to the server via this port to a limited number of IP Addresses.
However we are still receiving login attempts as the below event log shows
The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: sshd : PID 2416 : Failed password for illegal user mike from 220.127.116.11 port 49919 ssh2.
At first I thought our ISP hadn't configured the firewall rule correctly but if I try to telent port 22 from an unlisted IP address the server correctly refuses the connection.
Thanks in advance