MORE SSH Hacking: heads-up <- TCP Wrappers
Luis Miguel Cruz
luismi at b2bi.es
Tue Aug 10 12:59:03 UTC 2004
Use TCP Wrappers: /etc/hosts.allow and /etc/hosts.deny

Brian Fahrlander wrote:
> From last night's LogWatch:
> --------------------------------------------------------------------------
>
> sshd:
> Invalid Users:
> Unknown Account: 7 Time(s)
> Unknown Entries:
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=johnstongrain.com : 2 Time(s)
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=smms-mriley09d.chemistry.uq.edu.au : 2 Time(s)
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=211.117.191.70 : 1 Time(s)
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=216.97.110.1 : 1 Time(s)
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=ccia-062-204-197-193.uned.es : 1 Time(s)
>
> su:
> Sessions Opened:
> brian(uid=500) -> root: 1 Time(s)
>
> ------------------------------------------------------------------------
>
> Ok, guys- what do we do with this? Should we be writing down the
> addresses from which these attempts were made? They're probably all
> 'stooge' addresses, I know, but it might help authorities to know what
> other machines have been compromised...
>
> I'll go save the log somewhere...
>
> ------------------------------------------------------------------------
>
>
>
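
As an added example (not from either poster), this Python script pulls the rhost entries out of the LogWatch excerpt quoted above and turns them into candidate /etc/hosts.deny lines in TCP Wrappers' `daemon: client` syntax. The function names and the threshold parameter are assumptions, and it presumes sshd is built with TCP Wrappers (libwrap) support.

```python
import ipaddress
import re

# sshd "Unknown Entries" lines copied from the LogWatch report quoted above,
# wrapped the same way they were mailed.
REPORT = """\
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=johnstongrain.com : 2 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=smms-mriley09d.chemistry.uq.edu.au : 2 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=211.117.191.70 : 1 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=216.97.110.1 : 1 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=ccia-062-204-197-193.uned.es : 1 Time(s)
"""

# LogWatch summarises each source as "rhost=<host> : <n> Time(s)".
RHOST = re.compile(r"rhost=(\S+)\s*:\s*(\d+)\s+Time\(s\)")


def failed_sources(report):
    """Return {rhost: failure count} for a LogWatch sshd section."""
    counts = {}
    for host, n in RHOST.findall(report):
        counts[host] = counts.get(host, 0) + int(n)
    return counts


def is_ip(value):
    """True if value is an IP literal rather than a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def deny_rules(counts, threshold=1):
    """Build hosts.deny lines for sources with at least `threshold` failures.

    IP literals are listed first; hostname rules only match when the
    wrapper library can resolve the client's address back to that name.
    """
    picked = [h for h, n in counts.items() if n >= threshold]
    picked.sort(key=lambda h: (not is_ip(h), h))
    return ["sshd: " + h for h in picked]


if __name__ == "__main__":
    print("\n".join(deny_rules(failed_sources(REPORT))))
```

Review the output before appending it to /etc/hosts.deny; an entry in /etc/hosts.allow takes precedence over a matching deny rule.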