Off topic: Hacker

Andy Green andy at warmcat.com
Mon Aug 15 15:37:07 UTC 2005


> Most probably some virus or other which has claimed another brain-dead
> victim (known as Windows users). The IP is most likely false. If you're
> that concerned, switch off ssh.

Since it's a TCP connection to ssh, the IPs will be real.

These are automated attacks coming from all around as Mike said, there 
is no "person".  They won't be stopping any time soon and will probably 
only increase in sophistication.

Best plan is to get your friend to move his ssh port off 22.  That will 
really make it difficult to attack him, since they no longer have the 
free information that 22 is the port and ssh is the protocol.


Edit /etc/ssh/sshd_config and change

Port 22

to some other number, then

service sshd restart

update any holes in firewalls accordingly: you can do it by hand with 
(eg, for port 5678)

iptables -I INPUT -p tcp --dport 5678 -j ACCEPT
service iptables save

-Andy




More information about the fedora-list mailing list