Re: what to do?
From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 08/27/05
- Previous message: morph84: "Re: what to do?"
- In reply to: Bill Smith: "what to do?"
- Next in thread: paavan shah: "Re: what to do?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Bill Smith <vinet138@yahoo.com> Date: Sat, 27 Aug 2005 11:50:06 +0100
On Thu, 2005-08-25 at 00:30 -0700, Bill Smith wrote:
> Hi Guys,
>
> I noticed that someone is trying to hacker into my
> machine. Please see below is the content of
> /var/log/security.
> what I would like some advice of you guys is, what
> will I do with these people?
> btw, I do have FW
Automated SSH scans that have been happening for a while.
If you aren't getting them then your SSH server isn't working :-P .
There are a few ways to stop them cluttering up your logs, simplest is
to put SSH on a port other than 22, as these are not often targeted
scans - they are blanket scans. Another effective technique is to drop
any IP's that appear to be brute forcing you , eg...
http://www.debian-administration.org/articles/187
Generally this is nothing to worry about if you have decent passwords on
your user accounts, but the log clutter can be a nuisance.
-- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
- application/x-pkcs7-signature attachment: smime.p7s
- Previous message: morph84: "Re: what to do?"
- In reply to: Bill Smith: "what to do?"
- Next in thread: paavan shah: "Re: what to do?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
