Re: MORE SSH Hacking: heads-up <- TCP Wrappers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Use TCP Wrappers: /etc/hosts.allow and /etc/host.deny


Brian Fahrlander wrote:

    From last night's LogWatch:
--------------------------------------------------------------------------

sshd:
   Invalid Users:
      Unknown Account: 7 Time(s)
   Unknown Entries:
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=johnstongrain.com  : 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=smms-mriley09d.chemistry.uq.edu.au  : 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=211.117.191.70  : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=216.97.110.1  : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=ccia-062-204-197-193.uned.es  : 1 Time(s)

su:
   Sessions Opened:
      brian(uid=500) -> root: 1 Time(s)

------------------------------------------------------------------------

    Ok, guys- what do we do with this?  Should we be writing down the
addresses from which these attempts were made? They're probably all
'stooge' addresses, I know, but it might help authorities to know what
other machines have been compromised...

    I'll go save the log somewhere...

------------------------------------------------------------------------






[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux