
RE: OT: Security....

> -----Original Message-----
> From: fedora-list-bounces redhat com 
> [mailto:fedora-list-bounces redhat com] On Behalf Of HaJo Schatz
> Sent: Thursday, 28 October 2004 17:37
> To: For users of Fedora Core releases
> Subject: Re: OT: Security....
>
> On Wed, October 27, 2004 18:54, Jim Higson said:
> >> Good points James...you missed one though... port 22. I see more
> >> attempts on SSH than any other port....stupid and LAME attempts but
> >> more on this than any other...
> >
> > Out of curiosity, how much does it really matter so long as you have
> > strong passwords?
>
> I do see more brute force attempts @ ssh these days and start
> wondering how much longer some script kiddie needs to make
> the algorithm a bit more clever (and eg attack user names on
> certain hosts which are likely to exist. This could be
> harvested eg from email addresses...).

If you do some Googling, you will no doubt find the info on this in some
security forums that I found when it first started on Port 22 a few months
ago.  A couple of people set up "honey pots" and waited and watched... the
result was that after one of the scripted attacks detects a well known
account / password combination, the attack changes from being scripted to
manual and a "root kit" is installed.  The attackers were not good at
covering their tracks in terms of command history, so that is what gave it
away as a manual as opposed to a scripted attack.  Here's a list of hack
source addresses that I've recorded over a period of two months:-

SSH Hack source addresses

I checked one the other day and the IP was owned by a Korean University.


> I have hacked a script which tails /var/log/secure and reacts 
> on attempts to log in as root with password. Such offending 
> IPs are then denied port 22 access. Any comments, positive or 
> negative, on this?
> -- 
> HaJo Schatz <hajo hajo net>
> http://www.HaJo.Net
> PGP-Key:  http://www.hajo.net/hajonet/keys/pgpkey_hajo.txt

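Added example, not part of the original thread and not the script mentioned in it: a sketch of the log-watching approach described above, which counts failed root password logins per source address and emits deny entries. The log line layout, the threshold of 3, the allowlist parameter and the hosts.deny-style output are assumptions made for illustration; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of /var/log/secure (documentation IP ranges).
SAMPLE_LOG = """\
Oct 28 17:01:02 host sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Oct 28 17:01:05 host sshd[2103]: Failed password for root from 192.0.2.10 port 40115 ssh2
Oct 28 17:01:09 host sshd[2107]: Failed password for root from 192.0.2.10 port 40120 ssh2
Oct 28 17:02:11 host sshd[2110]: Failed password for illegal user test from 198.51.100.7 port 3301 ssh2
Oct 28 17:03:40 host sshd[2115]: Failed password for root from 203.0.113.5 port 51000 ssh2
Oct 28 17:04:00 host sshd[2120]: Failed password for illegal user x Failed password for root from 198.51.100.99 port 1 ssh2 from 198.51.100.7 port 3302 ssh2
Oct 28 17:05:00 host sshd[2125]: Accepted password for alice from 203.0.113.5 port 51010 ssh2
"""

# The user name in a log line is chosen by the remote side, so the whole line
# is matched (fullmatch) instead of searching for a phrase anywhere in it.
ROOT_FAIL = re.compile(
    r"\w{3} [ \d]\d [\d:]{8} \S+ sshd\[\d+\]: "
    r"Failed password for root from (\S+) port \d+ ssh2"
)

def offenders(lines, threshold=3, allowlist=()):
    """Return source IPs with at least `threshold` failed root password logins."""
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    hits = Counter()
    for line in lines:
        m = ROOT_FAIL.fullmatch(line.rstrip("\n"))
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # reject anything that is not an IP
        except ValueError:
            continue
        if any(ip in net for net in allowed):      # never block your own admin networks
            continue
        hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def deny_lines(ips):
    """Format entries in hosts.deny style (assumed blocking mechanism)."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(deny_lines(offenders(SAMPLE_LOG.splitlines()))))
```

The sixth sample line shows why the match is anchored: a search for the phrase alone would count 198.51.100.99, an address that never connected.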