OT: Security....
David
lists at systems-go.com.au
Thu Oct 28 13:35:24 UTC 2004
> -----Original Message-----
> From: fedora-list-bounces at redhat.com
> [mailto:fedora-list-bounces at redhat.com] On Behalf Of HaJo Schatz
> Sent: Thursday, 28 October 2004 17:37
> To: For users of Fedora Core releases
> Subject: Re: OT: Security....
>
>
>
> On Wed, October 27, 2004 18:54, Jim Higson said:
> >> Good points James...you missed one though... port 22. I see more
> >> attempts on SSH than any other port....stupid and LAME attempts but
> >> more on this than any other...
> >
> > Out of curiosity, how much does it really matter so long as you have
> > strong passwords?
>
> I do see more brute force attempts @ ssh these days and start
> wondering how much longer some script kiddie needs to make
> the algorithm a bit more clever (and eg attack user names on
> certain hosts which are likely to exist. This could be
> harvested eg from email addresses...).
If you do some Googling, you will no doubt find the info on this in some
security forums that I found when it first started on Port 22 a few months
ago. A couple of people set up "honey pots" and waited and watched... the
result was that after one of the scripted attacks detects a well known
account / password combination, the attack changes from being scripted to
manual and a "root kit" is installed. The attackers were not good at
covering their tracks in terms of command history, so that is what gave it
away as a manual as opposed to a scripted attack. Here's a list of hack
source addresses that I've recorded over a period of two months:-
I checked one the other day and the IP was owned by a Korean University.
Regards,
David.
---------
>
> I have hacked a script which tails /var/log/secure and reacts
> on attempts to log in as root with password. Such offending
> IPs are then denied port 22 access. Any comments, positive or
> negative, on this?
>
>
> --
> HaJo Schatz <hajo at hajo.net>
> http://www.HaJo.Net
>
> PGP-Key: http://www.hajo.net/hajonet/keys/pgpkey_hajo.txt
>
>
>
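The approach described in the quoted message (watch /var/log/secure for password logins as root and deny the source access to port 22) can be sketched as below. This is an added example, not part of the original post and not HaJo's script; the log lines are constructed, and the threshold, the allowlist and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual sshd syslog layout (documentation-range IPs).
SAMPLE_LOG = """\
Oct 28 13:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 28 13:01:05 host sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Oct 28 13:01:09 host sshd[2105]: Failed password for root from 203.0.113.7 port 40120 ssh2
Oct 28 13:01:12 host sshd[2107]: Failed password for illegal user admin from 203.0.113.7 port 40122 ssh2
Oct 28 13:02:11 host sshd[2110]: Failed password for root from 198.51.100.23 port 51200 ssh2
Oct 28 13:03:40 host sshd[2114]: Accepted password for david from 192.0.2.50 port 33010 ssh2
Oct 28 13:04:02 host sshd[2119]: Failed password for root from 192.0.2.50 port 33020 ssh2
Oct 28 13:04:03 host sshd[2119]: Failed password for root from 192.0.2.50 port 33020 ssh2
Oct 28 13:04:04 host sshd[2119]: Failed password for root from 192.0.2.50 port 33020 ssh2
"""

# Match only sshd's own message, with "root" as the complete user field.
FAILED_ROOT = re.compile(r"sshd\[\d+\]: Failed password for root from (\S+) port \d+")

def failed_root_sources(lines):
    """Count failed root password logins per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED_ROOT.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # address field is not a literal IP: never build a rule from it
    return counts

def block_candidates(counts, threshold=3, allowlist=()):
    """Sources at or over the threshold, minus networks that must never be blocked."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    return sorted(str(ip) for ip, n in counts.items()
                  if n >= threshold and not any(ip in net for net in allowed))

def iptables_rules(ips):
    """Render (not execute) one rule per source, dropping TCP port 22 only."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]

if __name__ == "__main__":
    counts = failed_root_sources(SAMPLE_LOG.splitlines())
    # 192.0.2.0/24 stands in for an admin network (assumption).
    print("\n".join(iptables_rules(block_candidates(counts, 3, ["192.0.2.0/24"]))))
```

Without the allowlist, the administrator who mistyped the root password three times from 192.0.2.50 would be blocked along with the scanner.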