[NCUC E-team] Server under attack

[Tapani Tarvainen]

It looks like ncuc1 is presently under ssh dictionary
attack, authlog is full of stuff like this:

Oct 16 14:27:30 ncuc1 sshd[30041]: Failed password for root from 122.225.109.217 port 2955 ssh2

The attack won't succeed, root password logins have been
disabled since the beginning, but if it intensifies
it may slow things down (and it may be something like
that caused the overload last week, too).
It probably isn't particularly directed at us, looks
more like a script kiddie scanning everything in sight.

For the curious, the that IP address is in China.
If somebody feels like contacting their ISP,
whois gives good-looking contact info.

Otherwise, I guess it might be a good idea to tighten
the box a bit.

-- 
Tapani Tarvainen