Login attacks
Gustavo Seabra
seabra at ksu.edu
Tue Dec 7 22:56:33 UTC 2004
Nathaniel Hall wrote:
> I see attempts about every other day. Because of this, I send e-mails
> to ISPs about every other day. After the third offense from within
> the same range, I block all access to our servers from that range,
> unless the ISP attempts to correct the problem.
>
> I also keep track of all attempts so that I can reference it later in
> case of a break in.
>
>Nathaniel Hall, GSEC
>Intrusion Detection and Firewall Technician
>Ozarks Technical Community College -- Office of Computer Networking
>
>halln at otc.edu
>417-447-7535
>
>
>
>
> Gerry Doris wrote:
>
>>On Tue, 2004-12-07 at 15:24, Michael Yep wrote:
>>
>>
>>>Hello
>>>
>>>In my LogWatch report I get many login attacks, many from the same IP address.
>>>
>>>sshd:
>>> Authentication Failures:
>>> root (218.232.109.187): 59 Time(s)
>>> adm (218.232.109.187): 2 Time(s)
>>> apache (218.232.109.187): 1 Time(s)
>>> nobody (218.232.109.187): 1 Time(s)
>>> operator (218.232.109.187): 1 Time(s)
>>> Invalid Users:
>>> Unknown Account: 43 Time(s)
>>>
>>>I have permitRootLogin set to NO, and I use strong passwords, but can I
>>>just add these IP addresses to hosts.deny?
>>>and if so how would I set that up
>>>
>>>
>>>
>>>Michael Yep
>>>Development / Technical Operations
>>>RemoteLink, Inc.
>>>
>>>
>>
>>I had so many problems with the 218.0.0.0/24 domain that I totally
>>blocked the entire domain. I believe this domain is in Korea.
>>
>>
>>
Hey guys,
I'm new to this security issues on Linux, but I find this thread
interesting. Could some of you please point me to some docs where I can
learn more (especially about these utilities and how to use them)?
Thanks,
--
------------------------------------------------------------------------
*Gustavo Seabra*
<http://www.ksu.edu/chem/personnel/faculty/grad/jvo/ortiz/people_seabra.html>
- Graduate Student
E-Mail: seabra at ksu.edu <mailto:seabra at ksu.edu>
Phone: (785) 532-6072 Chemistry Department <http://www.ksu.edu/chem/>
Kansas State University <http://www.ksu.edu>
Manhattan, KS 66506-3701
More information about the fedora-list
mailing list