Re: Is this normal?

From: xyberpix (xyberpix_at_xyberpix.com)
Date: 10/24/04

    To: Erlend Lorentzen <er-lore@online.no>
    Date: Sun, 24 Oct 2004 12:55:58 +0100
    
    
    

    I'd say set up verbose logging on SSHD and see what they're trying to
    do; it may shed some light on the subject. If you need any help with
    this, let me know.

    xyberpix

    On Thu, 2004-10-21 at 18:48, Erlend Lorentzen wrote:
    > Hi
    >
    > I'm not very experienced with this sort of thing so please bear with me.
    > The following concerns my Slackware 9.1 NAT/Firewall protecting my Home
    > LAN from the Internet.
    >
    > Checking my logs today I was a bit surprised to find about 80 refused
    > connection attempts to my sshd during the last month like:
    > Oct 7 21:22:27 firewall sshd[9710]: refused connect from
    > xxx.xxx.xxx.xxx
    >
    > I did reverse lookups on the IPs with dig and found that the attempts
    > originated from a variety of hosts from Italy, Poland, Russia, Sweden and
    > Pakistan to name but a few.
    >
    > One particular host had tried connecting 19 times with just a few
    > seconds between tries (is he/she just trying different commonly used
    > passwords?)
    >
    > Now to my questions:
    > Is this Normal?
    > Should I be concerned?
    > Any security tips, suggestions, thoughts? (I update regularly with
    > swaret (SlackwareTool), use strong random passwords, tcp wrappers)
    > Anyone know a good guide to hardening Slackware?
    > Anything else you'd like to mention?
    >
    > Thanks, your help is much appreciated!
    >
    > Best regards Erlend.

    -- 
    For Security and Open Source news:
    http://xyberpix.demon.co.uk
    
    


