Amazon Linux Breakin Attempt

Question

I was having a look in /var/log/secure and noticed the following:

Dec  9 06:03:20 ip-10-58-218-177 sshd[3794]: Did not receive identification string from 177.99.169.130
Dec  9 06:46:12 ip-10-58-218-177 sshd[3897]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec  9 06:46:12 ip-10-58-218-177 sshd[3897]: Invalid user admin from 177.99.169.130
Dec  9 06:46:12 ip-10-58-218-177 sshd[3897]: input_userauth_request: invalid user admin [preauth]
Dec  9 06:46:13 ip-10-58-218-177 sshd[3897]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec  9 06:46:14 ip-10-58-218-177 sshd[3899]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec  9 06:46:15 ip-10-58-218-177 sshd[3899]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec  9 06:46:16 ip-10-58-218-177 sshd[3901]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec  9 06:46:16 ip-10-58-218-177 sshd[3901]: Invalid user user from 177.99.169.130
Dec  9 06:46:16 ip-10-58-218-177 sshd[3901]: input_userauth_request: invalid user user [preauth]
Dec  9 06:46:17 ip-10-58-218-177 sshd[3901]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec  9 06:46:19 ip-10-58-218-177 sshd[3903]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec  9 06:46:19 ip-10-58-218-177 sshd[3903]: Invalid user guest from 177.99.169.130
Dec  9 06:46:19 ip-10-58-218-177 sshd[3903]: input_userauth_request: invalid user guest [preauth]
Dec  9 06:46:19 ip-10-58-218-177 sshd[3903]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec  9 06:46:21 ip-10-58-218-177 sshd[3905]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec  9 06:46:21 ip-10-58-218-177 sshd[3905]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec  9 06:46:23 ip-10-58-218-177 sshd[3907]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec  9 06:46:23 ip-10-58-218-177 sshd[3907]: Invalid user xbian from 177.99.169.130
Dec  9 06:46:23 ip-10-58-218-177 sshd[3907]: input_userauth_request: invalid user xbian [preauth]
Dec  9 06:46:23 ip-10-58-218-177 sshd[3907]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec  9 06:46:25 ip-10-58-218-177 sshd[3909]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec  9 06:46:25 ip-10-58-218-177 sshd[3909]: Invalid user D-Link from 177.99.169.130
Dec  9 06:46:25 ip-10-58-218-177 sshd[3909]: input_userauth_request: invalid user D-Link [preauth]
Dec  9 06:46:25 ip-10-58-218-177 sshd[3909]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]

What does this mean and should I be worried?

Welcome to the internet my friend... you didn't think the viagra salesmen just knocked on the email doors, did you? — voretaq7, Dec 10 '13 at 21:09

score 3 · Accepted Answer · answered Dec 10 '13 at 05:54

Thats that the usual random scans trying to find default usernames and passwords. It USUALLY would not be an issue, but if you're worried, fail2ban, configured properly should take the teeth out of brute force attempts. The default ssh rules should be good enough.

Amazon Linux Breakin Attempt

1 Answers1