On Mon, Oct 24, 2005 at 12:09:21PM +0000, Stephanus Fengler wrote: > Boris Glawe wrote: > > > > >> > >> > >>So shell I worry about it or do I need to do some countermeasures? > > > > > > > >Just ignore it, if your passwords are long enough and are NOT based on > >words that can be found in dictionaries. Change the passwords from > >time to time AND keep your sshd up to date. > > > >If I have too many root login requests (>200) and I'am able to find > >out the attackers provider (with nslookup <ip-address>), I sometimes > >write an abuse report to the provider. > > > >Most of these are attacks are script kiddies who are only successfull > >in case that your password is emty or matches the username > > > >greets Boris > > > Hi Boris > Since I need the ssh service, I can't disable it. Actually counting the > number of root pw attacks it was 540 within 28 mins after then he > switched over to pw guessing for random usernames for another 500 times > and 25 mins. Anyway nslookup gives: > > nslookup 81.208.32.170 > Server: 134.60.1.111 > Address: 134.60.1.111#53 > > Non-authoritative answer: > 170.32.208.81.in-addr.arpa name = 81-208-32-170.ip.fastwebnet.it. > Yoiu might get a little more information from: whois 81.208.32.170 ------------------------------------------- Aaron Konstam Computer Science Trinity University telephone: (210)-999-7484
