Re: What can I do about breakin attempts?
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Sat, 25 Feb 2006 14:23:48 -0600
On Fri, 24 Feb 2006, in the Usenet newsgroup comp.os.linux.security, in article
<43ffdc86$0$11005$9a6e19ea@xxxxxxxxxxxxxxxxxxxx>, Chris wrote:
> Some thug has repeatedly attempted to break in to my server. There's a long
> list of repeat login attempts, with alphabetical user names, from one
> particular IP address. (The jerk is at 216.155.75.230, if you're curious).

Is your newsreader so broken that you didn't see the thread "Dictionary
attacks on port 22"?
The IP address belongs to Telefonica del Sur S.A in Valdivia, Chile
which is a fair-sized city about 40 degrees South (450 miles/720 KM South
of Santiago). LACNIC says there is an rwhois server at rwhois.telsur.cl
on port 4321, but it's not answering a SYN.

> What can I do about this?

Why is your server accepting connections from the world? Use your firewall
to restrict access to the limited number of addresses (or address ranges)
where you might actually want to connect. Another tack is to move the
server to a non-standard port. What you are seeing is probably yet another
windoze zombie box. Lots of suggestions in that other thread.
Old guy
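
Added example, not part of the original post: before restricting SSH to a few address ranges as suggested above, it helps to check the sshd log against the planned allowlist, so the dictionary-attack source is confirmed blocked and no legitimate login source gets locked out. The log lines, the allowlist and the function name are constructed for illustration; the line format assumed is OpenSSH's usual "Failed/Accepted ... for USER from IP port N".

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Feb 24 03:11:01 host sshd[4101]: Failed password for invalid user aaron from 203.0.113.7 port 40112 ssh2
Feb 24 03:11:04 host sshd[4103]: Failed password for invalid user abby from 203.0.113.7 port 40120 ssh2
Feb 24 03:11:07 host sshd[4105]: Failed password for invalid user adam from 203.0.113.7 port 40131 ssh2
Feb 24 03:11:09 host sshd[4107]: Failed password for root from 203.0.113.7 port 40140 ssh2
Feb 24 08:30:12 host sshd[4210]: Accepted password for chris from 198.51.100.20 port 51000 ssh2
Feb 24 09:02:44 host sshd[4222]: Failed password for chris from 198.51.100.20 port 51022 ssh2
Feb 24 19:45:00 host sshd[4300]: Accepted publickey for chris from 192.0.2.55 port 52111 ssh2
"""

# Assumed allowlist: the ranges you actually connect from (hypothetical values).
ALLOWED = ["198.51.100.0/24"]

LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review(log_text, allowed_cidrs):
    """Summarise sshd logins per source and mark whether the allowlist covers each."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # source logged as a hostname or malformed; skip it
        s = stats[ip]
        s["failed" if m["result"] == "Failed" else "accepted"] += 1
        s["users"].add(m["user"])
    report = {}
    for ip, s in stats.items():
        inside = any(ip in n for n in nets)
        report[str(ip)] = {
            "failed": s["failed"], "accepted": s["accepted"],
            "distinct_users": len(s["users"]), "allowed": inside,
            # A successful login from outside the allowlist would be locked out.
            "lockout_risk": s["accepted"] > 0 and not inside,
        }
    return report

if __name__ == "__main__":
    for ip, row in sorted(review(SAMPLE_LOG, ALLOWED).items()):
        print(ip, row)
```

A source with many failures across many distinct user names and `allowed: False` is the pattern described in the question; any row with `lockout_risk: True` means the allowlist needs another range before the firewall rule goes in.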