Re: MORE SSH Hacking: heads-up

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 04 Aug 2004 11:03:33 -0400, Matt Morgan
<matt.morgan-fedora-list@xxxxxxxxxxxxxxxxxx> wrote:
> On 08/02/2004 05:57 PM, Brian Fahrlander wrote:
> 
> >On Mon, 2004-08-02 at 16:01, STYMA, ROBERT E (ROBERT) wrote:
> >
> >
> >>>>On Mon, 02 Aug 2004 12:21:01 -0700, Ow Mun Heng <Ow.Mun.Heng@xxxxxxx> wrote:
> >>>>
> >>>>
> >>>>This was in my logs last night at 11.56pm.
> >>>>
> >>>>
> >>>Aug  2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from
> >>>::ffff:69.59.166.236 port 41532 ssh2
> >>>Aug  2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from
> >>>::ffff:69.59.166.236 port 41714 ssh2
> >>>
> >>>Seems to be coming from San Fransisco...
> >>>
> >>>
> >>>
> >>>
> >>The fact that a user and password is getting flagged indicates that the
> >>hacker is getting past your /etc/hosts.deny file.  I keep my ssh access
> >>shut down except for IP address ranges I am expecting.  I realize this is
> >>not possible in all cases, but stopping the hacker before they get a login
> >>prompt is in my opinion a preferred situation.
> >>
> >>
> >
> >   Yeah, but you may as well firewall the world. This seems to be
> >everywhere.
> >
> >
> >
> So use hosts.allow instead, and specify the few particular hosts that
> are allowed to attempt to connect. Everyone else will be summarily
> rejected. (Firewalling the world is not a bad option, either).
> 
> 
> 
take a look of this.

http://www.dshield.org/port_report.php?port=22&recax=1&tarax=2&srcax=2&percent=N&days=70&Redraw=



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux