There was talk of a new wave of exploits/viruses that tries to gain access via shh. It tries to find entries for guest/admin and a few other common ones.
Might be something like that.
Yeah, it's either a virus or a script that's been passed around. It leaves the same signature of access attempts in the log. I've tuned my iptables firewall to limit IP access to authorized addresses and drop any other connection attempts. Unfortunately this approach isn't practical if you have dialup users with dynamic IPs.
Wouldn't it be easier to just not use acccounts named "guest" or "admin", or at least set decent passwords for those accounts? :)
--Danny, with logs full of those attempts.
Indeed, but it's kinda hard not to have a root account :-O Jeff - Who answers with "-j REJECT --reject-with icmp-host-unreachable" and now gets far fewer probes on any port.