[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Login attacks

I see attempts about every other day.  Because of this, I send e-mails to ISPs about every other day.  After the third offense from within the same range, I block all access to our servers from that range, unless the ISP attempts to correct the problem.

I also keep track of all attempts so that I can reference it later in case of a break in.
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln otc edu

Gerry Doris wrote:
On Tue, 2004-12-07 at 15:24, Michael Yep wrote:

In my LogWatch report I get many login attacks, many from the same IP address.

    Authentication Failures:
       root ( 59 Time(s)
       adm ( 2 Time(s)
       apache ( 1 Time(s)
       nobody ( 1 Time(s)
       operator ( 1 Time(s)
    Invalid Users:
       Unknown Account: 43 Time(s)

I have permitRootLogin set to NO, and I use strong passwords, but can I 
just add these IP addresses to hosts.deny?
and if so how would I set that up

Michael Yep
Development / Technical Operations
RemoteLink, Inc.

I had so many problems with the domain that I totally
blocked the entire domain.  I believe this domain is in Korea.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]