Re: SSH newbie interested in security concerns

From: Marco Benton - BOFH (marco_at_xssnet.com)
Date: 11/25/04


Date: Wed, 24 Nov 2004 20:42:54 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

cothrige wrote:
| I am using Slackware 9.1 and recently decided to try out some basic
| ethernet usage. I connected another machine with the same OS via a
| crossover cable and by using some straightforward online tutorials got NFS
| up and running. I can ping both ways and mount the drives. I then tried
| out ssh to see if I could do some basic stuff in that way. Things looked
| fine and everything is working as I thought it would, again using some
| very basic online help type pages.
|
| The next step in my learning process was IP masquerading and trying to use
| the client to dial on the server. I use a dial-up with dynamic IP
| addresses btw. It worked just fine, much to my surprise to be honest. ;-)
| In my testing and such I kept an eye on the logs and found something which
| made me wonder if I am really doing anywhere near enough in regards to
| security now that I am using such new services.
|
| Here is what my /var/log/messages has been spitting out:
<...snip...>

this kind of attack was mentioned in a few early posts.

as long as you have strong passwords (and your users don't give away
their password) and sshd is configured correctly then you shouldn't
worry too much about it. you'll see MANY more attempts to hack into
your machine in the future, get used to huge logs.

i hope you have a firewall in front of this machine?

- --

Marco Benton - BOFH, BSMFH
Network Consultant

BOFH excuse #317: The cause of the problem is: Your EMAIL is now being
delivered by the USPS.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBpTie2+PYgoYkw8ERArhtAJ9pRTfPG562rtyCjtTRVk/cxQo7TgCgxlN3
xTV+hzFQrr0TE87KvrzoQDo=
=zHsd
-----END PGP SIGNATURE-----


