So today I noticed on one of my internal servers the following:
Jul 17 23:53:13 localhost sshd: Invalid user sales from 18.104.22.168
Jul 17 23:53:13 localhost sshd: input_userauth_request: invalid user sales
And I also see:
Jul 17 23:47:11 localhost sshd: reverse mapping checking getaddrinfo for 42.ac.84ae.static.theplanet.com [22.214.171.124] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 20 14:56:01 localhost ¿<28>fail2ban.actions: WARNING [ssh-iptables] Ban 126.96.36.199
Huh? Nothing is port forwarded, and the only thing that could be connecting to the box is a Linksys running 1.28 Tomato.
So I am wondering, is Tomato secure right now?