Re: Login attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Nathaniel Hall wrote:

I see attempts about every other day. Because of this, I send e-mails to ISPs about every other day. After the third offense from within the same range, I block all access to our servers from that range, unless the ISP attempts to correct the problem.

I also keep track of all attempts so that I can reference it later in case of a break in.

Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln@xxxxxxx
417-447-7535




Gerry Doris wrote:

On Tue, 2004-12-07 at 15:24, Michael Yep wrote:


Hello

In my LogWatch report I get many login attacks, many from the same IP address.

sshd:
   Authentication Failures:
      root (218.232.109.187): 59 Time(s)
      adm (218.232.109.187): 2 Time(s)
      apache (218.232.109.187): 1 Time(s)
      nobody (218.232.109.187): 1 Time(s)
      operator (218.232.109.187): 1 Time(s)
   Invalid Users:
      Unknown Account: 43 Time(s)

I have permitRootLogin set to NO, and I use strong passwords, but can I just add these IP addresses to hosts.deny?
and if so how would I set that up




Michael Yep
Development / Technical Operations
RemoteLink, Inc.



I had so many problems with the 218.0.0.0/24 domain that I totally blocked the entire domain. I believe this domain is in Korea.



Hey guys,

I'm new to this security issues on Linux, but I find this thread interesting. Could some of you please point me to some docs where I can learn more (especially about these utilities and how to use them)?

Thanks,

--
------------------------------------------------------------------------
*Gustavo Seabra* <http://www.ksu.edu/chem/personnel/faculty/grad/jvo/ortiz/people_seabra.html> - Graduate Student
E-Mail: seabra@xxxxxxx <mailto:seabra@xxxxxxx>
Phone: (785) 532-6072 Chemistry Department <http://www.ksu.edu/chem/>
Kansas State University <http://www.ksu.edu>
Manhattan, KS 66506-3701




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux