Re: what to do?

From: Jonathan Loh (kj6loh_at_yahoo.com)
Date: 08/27/05

    Date: Fri, 26 Aug 2005 21:05:27 -0700 (PDT)
    To: Bill Smith <vinet138@yahoo.com>, security-basics@securityfocus.com
    
    

    You could deny the host by entering
    ALL:80.68.204.50
    in /etc/hosts.deny
    Or, if this is your private machine, do what I do: in /etc/hosts.allow enter all
    the IPs (ranges, hosts), and in /etc/hosts.deny deny everybody.

    I.e.
    /etc/hosts.allow
    sshd:a.b.c.d e.f.g.h/snm [EXCEPT i.j.k.l[/snm]]
    and in
    /etc/hosts.deny
    ALL:ALL
    This way you are only allowing various hosts access to your machine.

    This of course will not block IP spoofing but it will stop a lot of the
    attacks.
    If this is a corporate machine, I would do it the first way.

    --- Bill Smith <vinet138@yahoo.com> wrote:

    > Hi Guys,
    >
    > I noticed that someone is trying to hack into my
    > machine. Please see below the content of
    > /var/log/security.
    > What I would like some advice from you guys on is, what
    > will I do with these people?
    > Btw, I do have a FW.
    >
    > Cheers,
    >
    > Bill
    >
    > Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer
    > from 80.68.204.50
    > Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer
    > from 80.68.204.50
    > Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer
    > from 80.68.204.50
    > Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf
    > from 80.68.204.50
    > Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf
    > from 80.68.204.50
    > Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose
    > from 80.68.204.50
    > Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose
    > from 80.68.204.50
    > Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose
    > from 80.68.204.50
    > Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges
    > from 80.68.204.50
    > Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges
    > from 80.68.204.50
    > Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges
    > from 80.68.204.50
    > Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling
    > from 80.68.204.50
    > Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling
    > from 80.68.204.50
    > Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling
    > from 80.68.204.50
    > Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge
    > from 80.68.204.50
    > Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge
    > from 80.68.204.50
    > Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge
    > from 80.68.204.50
    > Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham
    > from 80.68.204.50
    > Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham
    > from 80.68.204.50
    > Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham
    > from 80.68.204.50
    > Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm
    > from 80.68.204.50
    > Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm
    > from 80.68.204.50
    > Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm
    > from 80.68.204.50
    > Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa
    > from 80.68.204.50
    > Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa
    > from 80.68.204.50
    > Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa
    > from 80.68.204.50
    > Aug 24 17:56:47 tiger sshd[8281]: Invalid user green
    > from 80.68.204.50
    > Aug 24 17:56:48 tiger sshd[8283]: Invalid user green
    > from 80.68.204.50
    > Aug 24 17:56:48 tiger sshd[8285]: Invalid user green
    > from 80.68.204.50
    > Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey
    > from 80.68.204.50
    > Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey
    > from 80.68.204.50
    > Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey
    > from 80.68.204.50
    > Aug 24 17:56:51 tiger sshd[8293]: Invalid user group
    > from 80.68.204.50
    > Aug 24 17:56:52 tiger sshd[8295]: Invalid user group
    > from 80.68.204.50
    > Aug 24 17:56:52 tiger sshd[8297]: Invalid user group
    > from 80.68.204.50
    > Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon
    > from 80.68.204.50
    > Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon
    > from 80.68.204.50
    > Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon
    > from 80.68.204.50
    > Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci
    > from 80.68.204.50
    >
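
Added example, not part of the original message: a simplified Python model of how TCP wrappers evaluates the two setups described in the reply (hosts.allow is checked first, then hosts.deny, and access is granted if neither matches). The 192.0.2.x, 198.51.100.x and 203.0.113.x addresses are constructed stand-ins for a.b.c.d, e.f.g.h/snm and i.j.k.l; only ALL, exact IPv4 addresses, net/mask and EXCEPT are modelled.

```python
import ipaddress

def _match_one(pattern, ip):
    """Match one client pattern: ALL, net/mask, or an exact address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # e.g. 198.51.100.0/255.255.255.0
        return ip in ipaddress.ip_network(pattern, strict=False)
    return ip == ipaddress.ip_address(pattern)

def _match_list(tokens, ip):
    """'list_1 EXCEPT list_2' matches list_1 unless list_2 also matches."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _match_list(tokens[:i], ip) and not _match_list(tokens[i + 1:], ip)
    return any(_match_one(t, ip) for t in tokens)

def _rule_matches(rule, daemon, ip):
    """A rule is 'daemon_list : client_list'; lists are space/comma separated."""
    daemons, clients = rule.split(":", 1)
    daemons = daemons.replace(",", " ").split()
    clients = clients.split(":")[0].replace(",", " ").split()
    return ("ALL" in daemons or daemon in daemons) and _match_list(clients, ip)

def access(daemon, client, allow_rules, deny_rules):
    """Return 'allow' or 'deny' for one connection attempt."""
    ip = ipaddress.ip_address(client)
    if any(_rule_matches(r, daemon, ip) for r in allow_rules):
        return "allow"   # a match in hosts.allow wins outright
    if any(_rule_matches(r, daemon, ip) for r in deny_rules):
        return "deny"
    return "allow"       # no match in either file: access is granted

# First way from the reply: block only the offending host.
FIRST_WAY = ([], ["ALL:80.68.204.50"])

# Second way: allow-list for sshd, deny everyone else (constructed addresses).
SECOND_WAY = (
    ["sshd: 192.0.2.10 198.51.100.0/255.255.255.0 EXCEPT 198.51.100.66"],
    ["ALL:ALL"],
)

if __name__ == "__main__":
    for name, (allow, deny) in (("first", FIRST_WAY), ("second", SECOND_WAY)):
        for client in ("80.68.204.50", "203.0.113.7", "192.0.2.10", "198.51.100.66"):
            print(name, client, access("sshd", client, allow, deny))
```

Under the first setup any other unlisted source still reaches sshd; under the second, only the listed hosts do, and the EXCEPT address falls through to ALL:ALL.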


