MORE SSH Hacking: heads-up

Brian Fahrlander brian at fahrlander.net
Mon Aug 2 21:57:01 UTC 2004


On Mon, 2004-08-02 at 16:01, STYMA, ROBERT E (ROBERT) wrote:
> >>On Mon, 02 Aug 2004 12:21:01 -0700, Ow Mun Heng <Ow.Mun.Heng at wdc.com> wrote:
> >
> >>This was in my logs last night at 11.56pm.
> >
> >
> >Aug  2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from
> >::ffff:69.59.166.236 port 41532 ssh2
> >Aug  2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from
> >::ffff:69.59.166.236 port 41714 ssh2
> >
> >Seems to be coming from San Francisco...
> >
> >
> The fact that a user and password is getting flagged indicates that the
> hacker is getting past your /etc/hosts.deny file.  I keep my ssh access
> shut down except for IP address ranges I am expecting.  I realize this is
> not possible in all cases, but stopping the hacker before they get a login
> prompt is in my opinion a preferred situation.

   Yeah, but you may as well firewall the world. This seems to be
everywhere.

   And one such place is at the building I'll start guarding this Wed
starting at 2200-0600.  It's a large black piece of telecommunications
equipment.  I just happened to see the label when on the orientation
tour.

   I told the bank liaison, "You're gonna think I'm the biggest geek
you've ever met, but there's an attack on this equipment right now." He
looked at me, uncomprehendingly, like cows at a passing train.

   I really hate being on the outside...
-- 
------------------------------------------------------------------------
Brian Fahrländer                  Christian, Conservative, and Technomad
Evansville, IN                                 http://www.fahrlander.net
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------
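
The sshd log format quoted in this thread, run through a per-source tally of failed logins, as an added example that is not part of the original post. The sample log is constructed (unwrapped lines, documentation-range addresses), and the function names and the threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in the format quoted in the thread; the addresses are
# documentation-range placeholders, not the ones from the post.
SAMPLE_LOG = """\
Aug  2 03:21:18 host sshd[27030]: Failed password for illegal user test from ::ffff:192.0.2.10 port 41532 ssh2
Aug  2 03:21:21 host sshd[27032]: Failed password for illegal user guest from ::ffff:192.0.2.10 port 41714 ssh2
Aug  2 03:21:25 host sshd[27040]: Failed password for invalid user admin from 192.0.2.10 port 41800 ssh2
Aug  2 03:22:02 host sshd[27051]: Failed password for root from 198.51.100.7 port 50022 ssh2
Aug  2 03:25:40 host sshd[27060]: Accepted password for alice from 203.0.113.5 port 40100 ssh2
"""

# "illegal user" is the older wording; newer OpenSSH releases log "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for "
    r"(?P<unknown>(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<addr>\S+) port \d+"
)

def normalize(addr):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so one host is one key."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return addr  # a hostname or malformed field: keep it verbatim
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def tally_failures(log_text):
    """Return {source: {"total": n, "unknown_users": set, "known_users": set}}."""
    stats = defaultdict(lambda: {"total": 0, "unknown_users": set(), "known_users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats[normalize(m["addr"])]
        entry["total"] += 1
        entry["unknown_users" if m["unknown"] else "known_users"].add(m["user"])
    return dict(stats)

def suspects(stats, min_unknown=2):
    """Sources that tried at least min_unknown account names that do not exist."""
    return sorted(a for a, s in stats.items() if len(s["unknown_users"]) >= min_unknown)

if __name__ == "__main__":
    for addr in suspects(tally_failures(SAMPLE_LOG)):
        print(addr)
```
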