NOUSER
Vivek J. Patankar
list307 at gmail.com
Wed Aug 8 01:08:45 UTC 2007
Rick Stevens wrote:
> Personally, I still prefer iptables. Block them at the NIC level (or as
> close as you can). Why let them in any further than you absolutely have
> to?
Unfortunately I can't. My company's server hardening policy says
IPTables should be off! I have to apply for a "Security Override" if I
have to enable it. Go figure.
I'm trying to get that changed.
>> My original concern, more of a curiosity really, was about the username
>> NOUSER. I've been getting attempts for root ever since this server went
>> live. But never for "NOUSER".
>
> If you're still getting SSH crack attempts even though there's a
> firewall out there, then you're either getting hit from someone you
> "trust" or it's coming from inside your network. I'd start an audit PDQ
> (pretty damned quick) and find the culprit. Undoubtedly some twit
> with a Windows box is infected, either by getting hacked or by opening
> an email with a worm attached.
I did check where the attempts were coming from. The source IP addresses
were assigned to ISPs. So infected Windows systems are most likely to be
the culprits.
--
Regards,
विवेक ज. पाटणकर (Vivek J. Patankar)
Registered Linux User #374218
Fedora release 7 (Moonshine)
Linux 2.6.22.1-33.fc7 x86_64