kernel: printk: 1 messages suppressed

C

calimero1505

Verified User
Joined
Jan 4, 2004
Messages
74
Hi,

Does anyone know what causes this error?
This is in the logs:

Jan 22 22:17:06 streams1 sshd(pam_unix)[23772]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.38.214.115 user=mailnull
Jan 22 22:17:12 streams1 sshd(pam_unix)[23775]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.38.214.115 user=nfsnobody
Jan 22 22:17:18 streams1 sshd(pam_unix)[23777]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.38.214.115 user=rpcuser
Jan 22 22:17:24 streams1 sshd(pam_unix)[23779]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.38.214.115 user=rpc
Jan 22 22:17:29 streams1 sshd(pam_unix)[23782]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.38.214.115 user=gopher
Jan 22 22:57:37 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:00:04 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:00:09 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:00:13 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:00:20 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:00:25 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:00:29 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:00:34 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:00:45 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:00:54 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:01:26 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:02:04 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:02:09 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:02:20 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:02:37 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:02:55 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:03:10 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:03:15 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:03:19 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:03:24 streams1 kernel: printk: 4 messages suppressed.
Jan 22 23:03:32 streams1 kernel: printk: 5 messages suppressed.
Jan 22 23:03:43 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:04:10 streams1 kernel: printk: 5 messages suppressed.
Jan 22 23:04:26 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:04:29 streams1 kernel: printk: 4 messages suppressed.
Jan 22 23:04:35 streams1 kernel: printk: 4 messages suppressed.
Jan 22 23:04:43 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:04:50 streams1 kernel: printk: 4 messages suppressed.
Jan 22 23:04:55 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:04:58 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:05:04 streams1 kernel: printk: 3 messages suppressed.
Click to expand...

And so on. Today the server did not accept connections anymore for a little while. Then it came up again.

What can this be and how to handle?
 
It appears that you've got a mini DOS attack going against you; someone is trying to log in as sshd, trying over and over again.

If you're running linux you can try APF+BFD, which can protect against this kind of attack.

If you're running FreeBSD you can probably find similar functionality in a BSD firewall.

Jeff
 
Hi Jeff,

Thanks for reply.

Dmesg tells me this a lot: TCP: Treason uncloaked! Peer IP:56126/6052 shrinks window 872409199:872411799. Repaired.

So i think it is indeed a attack on on particular port (6052)?
 
You must log in or register to reply here.
Back
Top