Re: Illegal user ssh probes
From: Les Bell (lesbell_at_lesbell.com.au)
Date: 10/21/04
- Previous message: Darren Tucker: "Re: scp problems with RedHat Machines to Unix w/SSH"
- Maybe in reply to: Christopher Strong: "Re: Illegal user ssh probes"
To: Rail mail <railmail@gmail.com>
Date: Thu, 21 Oct 2004 11:22:51 +1000
Rail mail <railmail@gmail.com> wrote:
>>
I am wondering if they are actually logging in?
<<
Your logs will show successful logins, surely?
>>
Does anyone know of anything I should be aware of or looking for?
<<
They're probably using the exploit at
http://www.k-otik.com/exploits/08202004.brutessh2.c.php . Read it, and make
sure that you are not using any of the account names and passwords listed.
Better still, disable password authentication and use public keys only.
Best,
--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]
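
Added example, not part of the original message or of any tool it mentions: a small log triage that answers the "are they actually logging in?" question by separating the "Illegal user" probes from any `Accepted` login that came from the same source. The sample lines are constructed, and the function name `triage` and the report keys are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format sshd used at the time
# (documentation-range addresses; not taken from the thread).
SAMPLE_LOG = """\
Oct 21 03:14:01 host sshd[2101]: Illegal user test from 192.0.2.10
Oct 21 03:14:03 host sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Oct 21 03:14:05 host sshd[2104]: Illegal user guest from 192.0.2.10
Oct 21 03:14:07 host sshd[2104]: Failed password for illegal user guest from 192.0.2.10 port 40115 ssh2
Oct 21 03:14:09 host sshd[2107]: Failed password for root from 192.0.2.10 port 40118 ssh2
Oct 21 03:14:12 host sshd[2110]: Accepted password for backup from 192.0.2.10 port 40121 ssh2
Oct 21 09:02:44 host sshd[2290]: Accepted publickey for les from 198.51.100.7 port 51522 ssh2
Oct 21 09:30:10 host sshd[2301]: Failed password for les from 198.51.100.20 port 51811 ssh2
"""

# "Illegal user" is the wording in the thread's subject; newer OpenSSH logs "Invalid user".
PROBE = re.compile(r"sshd\[\d+\]: (?:Illegal|Invalid) user (\S+) from (\S+)")
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")


def triage(log_text):
    """Return probed names and failure counts per source, plus suspect logins."""
    probed_users = defaultdict(set)  # source IP -> nonexistent account names tried
    failures = defaultdict(int)      # source IP -> failed password attempts
    suspect_logins = []              # (user, method, ip, failures seen before login)
    for line in log_text.splitlines():
        if m := PROBE.search(line):
            probed_users[m.group(2)].add(m.group(1))
        elif m := FAILED.search(line):
            failures[m.group(2)] += 1
        elif m := ACCEPTED.search(line):
            method, user, ip = m.groups()
            prior = failures.get(ip, 0)
            # A success from an address that was just guessing is the case to chase.
            if prior or ip in probed_users:
                suspect_logins.append((user, method, ip, prior))
    return {"probed_users": dict(probed_users),
            "failures": dict(failures),
            "suspect_logins": suspect_logins}


if __name__ == "__main__":
    for user, method, ip, prior in triage(SAMPLE_LOG)["suspect_logins"]:
        print(f"CHECK: {user} logged in via {method} from {ip} after {prior} failures")
```

Once `PasswordAuthentication no` is set in `sshd_config`, any `Accepted password` line in the log is itself an anomaly worth investigating.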