MORE SSH Hacking: heads-up

Yang Xiao yxiao2004 at gmail.com
Wed Aug 4 15:22:42 UTC 2004


On Wed, 04 Aug 2004 11:03:33 -0400, Matt Morgan
<matt.morgan-fedora-list at brooklynmuseum.org> wrote:
> On 08/02/2004 05:57 PM, Brian Fahrlander wrote:
> 
> >On Mon, 2004-08-02 at 16:01, STYMA, ROBERT E (ROBERT) wrote:
> >
> >
> >>>>On Mon, 02 Aug 2004 12:21:01 -0700, Ow Mun Heng <Ow.Mun.Heng at wdc.com> wrote:
> >>>>
> >>>>
> >>>>This was in my logs last night at 11.56pm.
> >>>>
> >>>>
> >>>Aug  2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from
> >>>::ffff:69.59.166.236 port 41532 ssh2
> >>>Aug  2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from
> >>>::ffff:69.59.166.236 port 41714 ssh2
> >>>
> >>>Seems to be coming from San Francisco...
> >>>
> >>>
> >>>
> >>>
> >>The fact that a user and password is getting flagged indicates that the
> >>hacker is getting past your /etc/hosts.deny file.  I keep my ssh access
> >>shut down except for IP address ranges I am expecting.  I realize this is
> >>not possible in all cases, but stopping the hacker before they get a login
> >>prompt is in my opinion a preferred situation.
> >>
> >>
> >
> >   Yeah, but you may as well firewall the world. This seems to be
> >everywhere.
> >
> >
> >
> So use hosts.allow instead, and specify the few particular hosts that
> are allowed to attempt to connect. Everyone else will be summarily
> rejected. (Firewalling the world is not a bad option, either).
> 
> 
> 
Take a look at this.

http://www.dshield.org/port_report.php?port=22&recax=1&tarax=2&srcax=2&percent=N&days=70&Redraw=
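
The sshd lines quoted in this thread can be tallied per source address to see which hosts are probing for nonexistent accounts. This is an added example, not part of any poster's message; the function names, the `min_unknown` threshold and the two extra sample lines for a known account are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: the two sshd lines quoted in the thread (line wraps
# undone) plus two constructed lines for a known account.
SAMPLE_LOG = """\
Aug  2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from ::ffff:69.59.166.236 port 41532 ssh2
Aug  2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from ::ffff:69.59.166.236 port 41714 ssh2
Aug  2 09:10:02 ciscy sshd[28001]: Failed password for alice from ::ffff:192.0.2.10 port 50222 ssh2
Aug  2 09:10:09 ciscy sshd[28001]: Accepted password for alice from ::ffff:192.0.2.10 port 50222 ssh2
"""

# "illegal user" is the wording in the thread's logs; later OpenSSH releases
# print "invalid user", so both are accepted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<unknown>(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def normalize_source(src):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    try:
        addr = ip_address(src)
    except ValueError:
        return src  # hostname or unparsable value: keep as logged
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped or addr)

def summarize(log_text):
    """Return {source: {"attempts": int, "unknown_users": set}}."""
    stats = defaultdict(lambda: {"attempts": 0, "unknown_users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        entry = stats[normalize_source(m["src"])]
        entry["attempts"] += 1
        if m["unknown"]:
            entry["unknown_users"].add(m["user"])
    return dict(stats)

def suspects(stats, min_unknown=2):
    """Sources that tried at least min_unknown distinct nonexistent accounts."""
    return sorted(s for s, e in stats.items()
                  if len(e["unknown_users"]) >= min_unknown)

if __name__ == "__main__":
    for src in suspects(summarize(SAMPLE_LOG)):
        print(src)
```

Normalizing the `::ffff:` prefix matters because the same host would otherwise be counted under two different keys if sshd logs it in both forms.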




