RE: what to do?

From: Mehmet Buyukozer (mbuyukozer_at_gmx.co.uk)
Date: 08/31/05

    To: <security-basics@securityfocus.com>
    Date: Tue, 30 Aug 2005 18:58:30 -0400
    
    

    You can use the "port knocking" approach to prevent these attacks. This will
    solve most of your problems when combined with:

    - changing the default port 22 to something else
    - setting the number of authentication retries

    Check this link for a port knocking solution for SSH:
    http://aplawrence.com/Security/sshloginattack.html

    Also, for port knocking:
    http://www.portknocking.org/

    Hope this helps.

    Mehmet
    www.sonofnights.com

    -----Original Message-----
    From: Bill Smith [mailto:vinet138@yahoo.com]
    Sent: Thursday, August 25, 2005 3:30 AM
    To: security-basics@securityfocus.com
    Subject: what to do?

    Hi Guys,

    I noticed that someone is trying to hack into my
    machine. Please see below the content of
    /var/log/security.
    What I would like some advice on from you guys is, what
    will I do with these people?
    BTW, I do have a FW.

    Cheers,

    Bill

    Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer from 80.68.204.50
    Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer from 80.68.204.50
    Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer from 80.68.204.50
    Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf from 80.68.204.50
    Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf from 80.68.204.50
    Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose from 80.68.204.50
    Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose from 80.68.204.50
    Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose from 80.68.204.50
    Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges from 80.68.204.50
    Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges from 80.68.204.50
    Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges from 80.68.204.50
    Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling from 80.68.204.50
    Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling from 80.68.204.50
    Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling from 80.68.204.50
    Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge from 80.68.204.50
    Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge from 80.68.204.50
    Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge from 80.68.204.50
    Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham from 80.68.204.50
    Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham from 80.68.204.50
    Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham from 80.68.204.50
    Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm from 80.68.204.50
    Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm from 80.68.204.50
    Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm from 80.68.204.50
    Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa from 80.68.204.50
    Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa from 80.68.204.50
    Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa from 80.68.204.50
    Aug 24 17:56:47 tiger sshd[8281]: Invalid user green from 80.68.204.50
    Aug 24 17:56:48 tiger sshd[8283]: Invalid user green from 80.68.204.50
    Aug 24 17:56:48 tiger sshd[8285]: Invalid user green from 80.68.204.50
    Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey from 80.68.204.50
    Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey from 80.68.204.50
    Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey from 80.68.204.50
    Aug 24 17:56:51 tiger sshd[8293]: Invalid user group from 80.68.204.50
    Aug 24 17:56:52 tiger sshd[8295]: Invalid user group from 80.68.204.50
    Aug 24 17:56:52 tiger sshd[8297]: Invalid user group from 80.68.204.50
    Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon from 80.68.204.50
    Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon from 80.68.204.50
    Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon from 80.68.204.50
    Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci from 80.68.204.50



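An added example, not part of either message in this thread: a small Python check that parses sshd "Invalid user" lines in the format quoted above and flags any source that tries several distinct invalid usernames inside a short sliding window. The function names, thresholds, assumed year and the sample lines (documentation addresses) are all illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# sshd syslog line in the format quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S+) from (?P<src>\S+)$"
)

def events_by_source(lines, year=2005):
    """Map source address -> [(time, user)]. Syslog omits the year, so it is assumed."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # anything that is not an "Invalid user" event is skipped
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["src"]].append((when, m["user"]))
    return events

def flag_guessing(lines, min_attempts=5, min_users=3, window_s=60):
    """Return {source: (attempts, distinct_users)} for the first window hitting both thresholds."""
    flagged = {}
    for src, events in events_by_source(lines).items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge so the window never spans more than window_s seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            window = events[start:end + 1]
            users = {user for _, user in window}
            if len(window) >= min_attempts and len(users) >= min_users:
                flagged[src] = (len(window), len(users))
                break
    return flagged

# Constructed sample lines using documentation addresses (not from the post).
SAMPLE = """\
Aug 24 17:50:01 host sshd[100]: Invalid user jsmith from 203.0.113.7
Aug 24 17:56:28 host sshd[101]: Invalid user alpha from 192.0.2.10
Aug 24 17:56:28 host sshd[102]: Invalid user alpha from 192.0.2.10
Aug 24 17:56:29 host sshd[103]: Invalid user bravo from 192.0.2.10
Aug 24 17:56:30 host sshd[104]: Invalid user bravo from 192.0.2.10
Aug 24 17:56:31 host sshd[105]: Invalid user charlie from 192.0.2.10
Aug 24 17:56:32 host sshd[106]: Invalid user charlie from 192.0.2.10
Aug 24 17:57:00 host sshd[107]: Accepted publickey for admin from 198.51.100.5 port 50022 ssh2
Aug 24 18:20:44 host sshd[108]: Invalid user jsmith from 203.0.113.7
""".splitlines()
```

Requiring several distinct usernames keeps a single mistyped login, such as the constructed `jsmith` lines, from being flagged alongside a username-guessing run.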