Brute force attacks
I guess I am very concerned about my log watches today. Usually I get several failed attempts from various IP addresses, nothing that I would classify as severe…. But today I found this tidbit in my log watch (see below). The question now is: is there some reporting procedure that I should follow in reporting this address to someone? Also, are there any steps I can take to prevent any more of this?
sshd:
Authentication Failures:
root (hnd01.aspwb.com ): 560 Time(s)
root (203.69.243.102 ): 1 Time(s)
Failed password for root from ::ffff:202.227.184.84 port 48570 ssh2
Failed password for root from ::ffff:202.227.184.84 port 48755 ssh2
Failed password for root from ::ffff:202.227.184.84 port 48947 ssh2
Failed password for root from ::ffff:202.227.184.84 port 49136 ssh2
Failed password for root from ::ffff:202.227.184.84 port 49341 ssh2
< Snipped because I think you see where this is going>
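An added example, not part of the original post: a Python script that tallies failed SSH logins per source from the two line formats quoted above (the Logwatch summary and the raw sshd lines), folding IPv4-mapped addresses such as `::ffff:202.227.184.84` to plain IPv4 so one host is not counted under two names. The function names and the threshold of 5 are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# Raw sshd line as quoted in the post; "invalid user" is sshd's variant for unknown accounts.
RAW = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
# Logwatch summary line as quoted in the post: "user (host ): N Time(s)".
SUMMARY = re.compile(r"^\s*(\S+) \(\s*(\S+?)\s*\): (\d+) Time\(s\)")

def normalise(source):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4; keep hostnames as-is."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return source.lower()  # not an address: a hostname from the summary
    mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6 addresses have this
    return str(mapped or addr)

def count_failures(lines):
    """Return a Counter keyed by (user, source) across both line formats."""
    counts = Counter()
    for line in lines:
        m = SUMMARY.search(line)
        if m:
            counts[(m.group(1), normalise(m.group(2)))] += int(m.group(3))
            continue
        m = RAW.search(line)
        if m:
            counts[(m.group(1), normalise(m.group(2)))] += 1
    return counts

def over_threshold(counts, threshold):
    """Sources whose total failures reach the threshold, highest first."""
    per_source = Counter()
    for (_user, source), n in counts.items():
        per_source[source] += n
    return [(s, n) for s, n in per_source.most_common() if n >= threshold]

# Sample input: the log lines quoted in the post above.
SAMPLE = """sshd:
Authentication Failures:
root (hnd01.aspwb.com ): 560 Time(s)
root (203.69.243.102 ): 1 Time(s)
Failed password for root from ::ffff:202.227.184.84 port 48570 ssh2
Failed password for root from ::ffff:202.227.184.84 port 48755 ssh2
Failed password for root from ::ffff:202.227.184.84 port 48947 ssh2
Failed password for root from ::ffff:202.227.184.84 port 49136 ssh2
Failed password for root from ::ffff:202.227.184.84 port 49341 ssh2""".splitlines()

if __name__ == "__main__":
    for source, n in over_threshold(count_failures(SAMPLE), threshold=5):
        print(f"{n:5d}  {source}")
```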