Re: what to do?
cam_at_fischer.ca
Date: 08/30/05
- Previous message: Kumar, Snehal (HP Security Services): "RE: University Degree or CISSP"
- In reply to: morph84: "Re: what to do?"
- Next in thread: zp: "Re: what to do?"
- Reply: zp: "Re: what to do?"
Date: Mon, 29 Aug 2005 22:18:51 -0600
To: morph84 <lucas84@uno.it>
Hey Bill,
Look in your sshd_config file; you should be able to restrict who can log on. You
can restrict root, and also set a list of users who can log on... This will
restrict it to only the select few you need. I would not allow root. You would
then have to log on with your regular account, and su - root....
Hope that helps!
Cam
Quoting morph84 <lucas84@uno.it>:
> Bill Smith wrote:
>
> >Hi Guys,
> >
> >I noticed that someone is trying to hack into my
> >machine. Please see below the content of
> >/var/log/security.
> >What I would like some advice from you guys on is: what
> >will I do with these people?
> >Btw, I do have a FW.
> >
> >Cheers,
> >
> >Bill
> >
> >Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer from 80.68.204.50
> >Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer from 80.68.204.50
> >Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer from 80.68.204.50
> >Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf from 80.68.204.50
> >Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf from 80.68.204.50
> >Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose from 80.68.204.50
> >Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose from 80.68.204.50
> >Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose from 80.68.204.50
> >Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges from 80.68.204.50
> >Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges from 80.68.204.50
> >Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges from 80.68.204.50
> >Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling from 80.68.204.50
> >Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling from 80.68.204.50
> >Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling from 80.68.204.50
> >Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge from 80.68.204.50
> >Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge from 80.68.204.50
> >Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge from 80.68.204.50
> >Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham from 80.68.204.50
> >Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham from 80.68.204.50
> >Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham from 80.68.204.50
> >Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm from 80.68.204.50
> >Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm from 80.68.204.50
> >Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm from 80.68.204.50
> >Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa from 80.68.204.50
> >Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa from 80.68.204.50
> >Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa from 80.68.204.50
> >Aug 24 17:56:47 tiger sshd[8281]: Invalid user green from 80.68.204.50
> >Aug 24 17:56:48 tiger sshd[8283]: Invalid user green from 80.68.204.50
> >Aug 24 17:56:48 tiger sshd[8285]: Invalid user green from 80.68.204.50
> >Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey from 80.68.204.50
> >Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey from 80.68.204.50
> >Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey from 80.68.204.50
> >Aug 24 17:56:51 tiger sshd[8293]: Invalid user group from 80.68.204.50
> >Aug 24 17:56:52 tiger sshd[8295]: Invalid user group from 80.68.204.50
> >Aug 24 17:56:52 tiger sshd[8297]: Invalid user group from 80.68.204.50
> >Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon from 80.68.204.50
> >Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon from 80.68.204.50
> >Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon from 80.68.204.50
> >Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci from 80.68.204.50
> >
> >
>
> Hi Bill,
> I haven't much experience and I am not sure, but it looks like a
> dictionary attack on your ssh daemon.
> First, if you don't need ssh, stop the daemon. :-)
> Else one way is to run ssh on a different port or, if possible, restrict
> access by source IP address.
> If you don't absolutely need a login based on a password, you could also
> authenticate via ssh keys (man ssh-keygen). Then you can turn off password
> based authentication.
> I think that there are many other ways; for more information, look at
> the archives of securityfocus.
> Sorry for my English.
> Regards.
>
>
> --
> Morph84
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
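
The sshd_config changes suggested in this thread (no root login, an explicit list of allowed users, keys instead of passwords) can be verified with a short audit script. This is an added example, not part of the original messages; the two sample configs and the account names alice and bob are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread); alice and bob are made-up accounts.
WEAK = """\
permitrootlogin yes
# A later duplicate does not help: sshd keeps the first value it reads.
PermitRootLogin no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
"""
HARDENED = """\
PermitRootLogin no
AllowUsers alice bob
PasswordAuthentication no
"""

def global_settings(text):
    """Parse the global part of an sshd_config into {lowercased keyword: value}."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace (an optional '=' is tolerated).
        parts = re.split(r"[ \t=]+", line, maxsplit=1) + [""]
        key, value = parts[0].lower(), parts[1]   # keywords are case-insensitive
        if key == "match":                # conditional blocks are not global settings
            break
        if key == "allowusers":           # collect every AllowUsers line
            settings.setdefault(key, []).extend(value.split())
        else:
            settings.setdefault(key, value)   # first occurrence wins
    return settings

def audit(text):
    """Return findings for the settings recommended in this thread."""
    s = global_settings(text)
    findings = []
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not 'no': root can still log in over ssh")
    if not s.get("allowusers"):
        findings.append("AllowUsers is not set: any account may attempt to log in")
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is on: passwords can be guessed remotely")
    return findings
```

Call `audit(open("/etc/ssh/sshd_config").read())` on a real host; an empty list means all three settings are in place. Settings inside `Match` blocks are deliberately ignored, so a per-network override does not hide a weak global default.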