RE: attack 2

Hi John,

Up till now a strong firewall is not installed. I block only all
incoming ports, with exception of 22, which is directed to the
Linuxserver.
I changed the situation, blocking all ports, changing passwords and just
allowing VPN.

I just wonder what possibilities VPN is giving to the outside world.

I examined my /etc/ssh/sshd_config and found

#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

What does it mean?
Can't we use ssh_host_rsa_key such as used by NX-nomachine? Or some
authentication with keys.

What is maxStartups 10?
What is reversemapping?

-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx
[mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of jludwig
Sent: woensdag 11 mei 2005 1:22
To: For users of Fedora Core releases
Subject: Re: attack 2

On Tuesday 10 May 2005 06:16 pm, roland brouwers wrote:
> Hello everyone,
>
> Panic...
>
> I noticed accepted passwords for different users, such as root, myself
> and another one, coming from outside:::ffff:213.219.168.50
>
> How is that possible?
> Can I detect somehow what he/she did?
>
> In the mean time I changed passwords.
>
> Roland Brouwers
> Email roland@xxxxxx
>  
You had better check for rootkits and viruses also.

From http://www.ripe.net/whois

% Information related to '213.219.128.0/18AS9031'

route:        213.219.128.0/18
descr:        EDPnet
origin:       AS9031
mnt-by:       EDP-NET
source:       RIPE


Sorry to flame you, but.

You should try to find out what the cracker wanted and their intent
in getting into your system.

From what I read three passwords??? They must be weak passwords!
My passwords are always a minimum of 8 characters S.A. wsx43210z.
Using words and phrases is VERY BAD! (yes yelling)!!

How is your firewall, how tight is it, or do you have a firewall?

-- 
John H Ludwig

Common sense is so rare, why do they call it common!!!

Manual customization of this file is not recommended, 
BUT WILL BE DONE!!!

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

Attachment: sshd_config
Description: Binary data
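
The quoted message asks how to tell which accepted password logins came from outside. The following is an added example, not part of the thread: it scans sshd log lines for "Accepted password" entries and groups them by external source address, unwrapping the IPv4-mapped form (::ffff:a.b.c.d) seen above. The log lines are constructed samples in the format sshd writes to /var/log/secure (host name, times, ports and the user "roland" are assumptions), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines, not taken from the poster's system.
SAMPLE_LOG = """\
May 10 17:58:11 server sshd[4101]: Failed password for root from ::ffff:213.219.168.50 port 40112 ssh2
May 10 17:58:19 server sshd[4103]: Accepted password for root from ::ffff:213.219.168.50 port 40120 ssh2
May 10 18:02:40 server sshd[4120]: Accepted password for roland from ::ffff:213.219.168.50 port 40177 ssh2
May 10 18:05:02 server sshd[4131]: Accepted password for roland from ::ffff:192.168.1.20 port 51000 ssh2
May 10 18:09:30 server sshd[4150]: Accepted publickey for roland from 10.0.0.5 port 51022 ssh2
"""

ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<addr>\S+) port \d+"
)


def normalize(addr):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def external_password_logins(log_text):
    """Map each non-private source address to the users it logged in as by password."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m or m.group("method") != "password":
            continue  # failed attempts and key-based logins are not reported here
        try:
            ip = normalize(m.group("addr"))
        except ValueError:
            continue  # source logged as a host name; review those lines by hand
        if ip.is_private or ip.is_loopback:
            continue  # LAN or local login
        hits[str(ip)].append(m.group("user"))
    return dict(hits)


if __name__ == "__main__":
    for src, users in external_password_logins(SAMPLE_LOG).items():
        print(src, "->", ", ".join(users))
```

On a real system the same function can be fed the contents of /var/log/secure and its rotated copies; the log only shows that a login happened, not what was done in the session.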

