Re: what to do?

From: Jayson Anderson (sonick_at_sonick.com)
Date: 08/27/05

    To: security-basics@securityfocus.com, Bill Smith <vinet138@yahoo.com>
    Date: Fri, 26 Aug 2005 16:45:41 -0700
    
    

    Depending on your accessibility/business model, I'd send either
    80.68.204.50/32, or 80.68.192.0/20 (from RIPE) to null0 on your border
    router(s). If you are unable to do so at the border, or your router IS
    unix[like], use iptables or somesuch. Just make sure that you drop their
    packets on the floor instead of giving them the dignity of an
    icmp-unreach; that way you can make the most out of their remote timeout
    thresholds. Obviously discretion is not one of their main criteria...

    Jayson

    On Thu, 2005-08-25 at 00:30 -0700, Bill Smith wrote:
    > Hi Guys,
    >
    > I noticed that someone is trying to hack into my
    > machine. Please see below the content of
    > /var/log/security.
    > What I would like some advice from you guys on is, what
    > will I do with these people?
    > Btw, I do have a FW.
    >
    > Cheers,
    >
    > Bill
    >
    > Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer from 80.68.204.50
    > Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer from 80.68.204.50
    > Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer from 80.68.204.50
    > Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf from 80.68.204.50
    > Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf from 80.68.204.50
    > Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose from 80.68.204.50
    > Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose from 80.68.204.50
    > Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose from 80.68.204.50
    > Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges from 80.68.204.50
    > Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges from 80.68.204.50
    > Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges from 80.68.204.50
    > Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling from 80.68.204.50
    > Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling from 80.68.204.50
    > Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling from 80.68.204.50
    > Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge from 80.68.204.50
    > Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge from 80.68.204.50
    > Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge from 80.68.204.50
    > Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham from 80.68.204.50
    > Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham from 80.68.204.50
    > Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham from 80.68.204.50
    > Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm from 80.68.204.50
    > Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm from 80.68.204.50
    > Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm from 80.68.204.50
    > Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa from 80.68.204.50
    > Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa from 80.68.204.50
    > Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa from 80.68.204.50
    > Aug 24 17:56:47 tiger sshd[8281]: Invalid user green from 80.68.204.50
    > Aug 24 17:56:48 tiger sshd[8283]: Invalid user green from 80.68.204.50
    > Aug 24 17:56:48 tiger sshd[8285]: Invalid user green from 80.68.204.50
    > Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey from 80.68.204.50
    > Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey from 80.68.204.50
    > Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey from 80.68.204.50
    > Aug 24 17:56:51 tiger sshd[8293]: Invalid user group from 80.68.204.50
    > Aug 24 17:56:52 tiger sshd[8295]: Invalid user group from 80.68.204.50
    > Aug 24 17:56:52 tiger sshd[8297]: Invalid user group from 80.68.204.50
    > Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon from 80.68.204.50
    > Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon from 80.68.204.50
    > Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon from 80.68.204.50
    > Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci from 80.68.204.50
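
Added example, not part of the original thread: a Python sketch that counts sshd "Invalid user" lines per source and prints iptables DROP rules for the /32 or, optionally, the enclosing /20 mentioned in the reply. The function names, the threshold of 3, the allowlist parameter and the sample lines (including the crafted user name on line 4) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the quoted /var/log/security lines.
# Line 4 carries a crafted user name; the 192.0.2.x addresses are invented.
SAMPLE_LOG = """\
Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer from 80.68.204.50
Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose from 80.68.204.50
Aug 24 17:56:33 tiger sshd[8243]: Invalid user x from 192.0.2.99 from 80.68.204.50
Aug 24 17:57:10 tiger sshd[8310]: Invalid user bob from 192.0.2.7
Aug 24 17:57:11 tiger sshd[8312]: Accepted publickey for bill from 192.0.2.20
"""

# The user name is chosen by the remote side, so take the address from the
# END of the line (greedy .*), never from the first " from " in it.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?$")

def count_invalid_users(log_text):
    """Map source IPv4 address (as text) -> number of 'Invalid user' lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line.rstrip())
        if not m:
            continue
        try:
            hits[str(ipaddress.IPv4Address(m.group(1)))] += 1
        except ValueError:
            pass  # not an IPv4 literal: never let it reach a firewall rule
    return hits

def drop_rules(hits, threshold=3, widen_to=None, allowlist=()):
    """iptables DROP rules for sources with >= threshold hits.
    widen_to: CIDR blocked instead of the /32 when the source falls inside it;
    allowlist: CIDRs that must never be blocked (e.g. your own admin range)."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    wide = ipaddress.ip_network(widen_to) if widen_to else None
    targets = set()
    for src, n in hits.items():
        addr = ipaddress.IPv4Address(src)
        if n < threshold or any(addr in net for net in allowed):
            continue
        targets.add(str(wide) if wide and addr in wide else f"{addr}/32")
    # DROP sends nothing back (no ICMP unreachable), so the sender waits out its timeout.
    return [f"iptables -I INPUT -s {t} -j DROP" for t in sorted(targets)]

if __name__ == "__main__":
    print("\n".join(drop_rules(count_invalid_users(SAMPLE_LOG), widen_to="80.68.192.0/20")))
```

Review the printed rules before applying them; widening to the /20 also blocks every other host in that allocation.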

