Are you seeing failed logins for a specific user, or for a specific port?Quote:>One of our user accounts became locked yesterday. The number of unsuccessful
>logins exceeded the limit of 99. When reviewing the account login settings,
>we noticed that the unsuccessful logins keep increasing at the rate of one
>per second. Is there a way to see where these attempts are coming from? Does
>it look like a hack, or what? It started on Monday morning.
If these are failures on a pseudo tty, and if you are seeing these happening
in real time as you say, you could use 'netstat' to list the current remote
connections via TCP.
10. Hack attack?
12. Hack attack