Re: I'm getting attacked
- From: Tauno Voipio <tauno.voipio@xxxxxxxxxxxxx>
- Date: Fri, 16 Feb 2007 15:19:24 GMT
Damian 'legion' Szuberski wrote:
On 2007-02-14, jsuthan wrote:
I keep getting logs like these - the x is there to protect the guilty:
Jan 16 05:37:47 penguin sshd[16174]: Invalid user guest from
x.199.53.194
Jan 16 05:37:50 penguin sshd[16176]: Invalid user master from
x.199.53.194
Jan 16 05:37:53 penguin sshd[16178]: Invalid user apache from
x.199.53.194
Jan 16 05:38:15 penguin sshd[16199]: Invalid user admin from
x.199.53.194
Can someone give me advice about what I should do about it? One idea is
to move the ssh port to something besides the default. But really I'm
not sure. Please help.
give attacker some work .. example switch you default ssh port 22 to 44 or something else. Doing this attacker need to sniff out which port your ssh assign to. You also can enable tcpd features; this library enforces system to strict network connectivity. Checkout man page for host.allow and host.deny. Finally something very important learn to use iptables; prime linux security.
One more advice how to obtain security through obscurity?
Admitted - but the script kiddies are dumb enough to
try standard ports only. At least the traffic quieted
totally after I moved out of the standard TCP/22.
--
Tauno Voipio
tauno voipio (at) iki fi
.
- References:
- Re: I'm getting attacked
- From: jsuthan
- Re: I'm getting attacked
- From: Damian 'legion' Szuberski
- Re: I'm getting attacked
- Prev by Date: Re: I'm getting attacked
- Next by Date: Re: I'm getting attacked
- Previous by thread: Re: I'm getting attacked
- Next by thread: Re: I'm getting attacked
- Index(es):
Relevant Pages
|
|
