MORE SSH Hacking: heads-up
Matt Morgan
matt.morgan-fedora-list at brooklynmuseum.org
Wed Aug 4 15:03:33 UTC 2004
On 08/02/2004 05:57 PM, Brian Fahrlander wrote:
>On Mon, 2004-08-02 at 16:01, STYMA, ROBERT E (ROBERT) wrote:
>
>
>>>>On Mon, 02 Aug 2004 12:21:01 -0700, Ow Mun Heng <Ow.Mun.Heng at wdc.com> wrote:
>>>>
>>>>
>>>>This was in my logs last night at 11.56pm.
>>>>
>>>>
>>>Aug 2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from
>>>::ffff:69.59.166.236 port 41532 ssh2
>>>Aug 2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from
>>>::ffff:69.59.166.236 port 41714 ssh2
>>>
>>>Seems to be coming from San Francisco...
>>>
>>>
>>>
>>>
>>The fact that a user and password is getting flagged indicates that the
>>hacker is getting past your /etc/hosts.deny file. I keep my ssh access
>>shut down except for IP address ranges I am expecting. I realize this is
>>not possible in all cases, but stopping the hacker before they get a login
>>prompt is in my opinion a preferred situation.
>>
>>
>
> Yeah, but you may as well firewall the world. This seems to be
>everywhere.
>
>
>
So use hosts.allow instead, and specify the few particular hosts that
are allowed to attempt to connect. Everyone else will be summarily
rejected. (Firewalling the world is not a bad option, either).
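
Added example, not part of the original thread or any poster's code: a short Python script that reads sshd "Failed password" lines in the format quoted above, unwraps the `::ffff:` IPv4-mapped source address, and counts the failures from sources that a hosts.allow-style allowlist would not have admitted. The allowlist network `192.0.2.0/24` and the third log line are constructed for illustration; the first two log lines are the ones from the thread, rejoined onto single lines.

```python
import ipaddress
import re
from collections import Counter

# Constructed allowlist (RFC 5737 documentation range), standing in for
# "the few particular hosts" that would be listed in hosts.allow.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# First two lines are from the thread; the third is constructed.
SAMPLE_LOG = """\
Aug 2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from ::ffff:69.59.166.236 port 41532 ssh2
Aug 2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from ::ffff:69.59.166.236 port 41714 ssh2
Aug 2 09:14:02 ciscy sshd[27101]: Failed password for alice from ::ffff:192.0.2.17 port 50122 ssh2
"""

# Older OpenSSH logs "illegal user", newer releases log "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(\S+) "
    r"from (\S+) port \d+"
)

def normalize(addr):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def is_allowed(ip, nets=ALLOWED_NETS):
    """True if the address falls inside any allowlisted network."""
    return any(ip.version == n.version and ip in n for n in nets)

def summarize(log_text, nets=ALLOWED_NETS):
    """Count failed logins per source, split by allowlist membership."""
    outside, inside = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        ip = normalize(m.group(2))
        (inside if is_allowed(ip, nets) else outside)[str(ip)] += 1
    return {"outside_allowlist": dict(outside), "inside_allowlist": dict(inside)}

if __name__ == "__main__":
    for bucket, counts in summarize(SAMPLE_LOG).items():
        print(bucket, counts)
```
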