[K12OSN] How do I stop attempted logins

cliebow at downeast.net cliebow at downeast.net
Tue Mar 22 15:07:28 UTC 2005 

we captured the script out at Cave Hill whne they found a trivial account
if anyone is interested..it looks at the cpu type to see what it can get
away with and starts multiple probes for other vulnerable machines..and
sends results back to nothership..chuck
> I second the suggestion to just use a non-standard port.  Last fall some
friends and I 
> all noticed this same thing on our various boxes.  The attempts, which
seemed to come 
> largely from SE Asia, suggested some new script-kiddie rootkit was making
the rounds. 
> Anyway, the attempts were all failing but were filling up the log files.
 So, we all 
> moved to ports such as 922 or 2322 or whatever (something *somewhat* easy
to remember) 
> and the log files have been quiet ever since.
> 
> Petre
> 
> Thomas E. Haynes wrote:
> >  
> > 
> > 
> >>-----Original Message-----
> >>From: k12osn-bounces at redhat.com 
> >>[mailto:k12osn-bounces at redhat.com] On Behalf Of Dr. Daniel Loomis
> >>Sent: Monday, March 21, 2005 8:27 PM
> >>To: k12osn at redhat.com
> >>Subject: [K12OSN] How do I stop attempted logins
> > 
> > 
> > --snip--
> > 
> > 
> >>I have considered changing to a non-standard port, but I 
> >>suspect that a simple portscan would quickly discover it and 
> >>the attempts would continue.
> >>
> >>My /var/log/secure files are filling up fast with these 
> >>repeated breakin attempts.  I have done a whois on several of 
> >>the addresses.  Most seem to be coming from Taiwan and other 
> >>places in Asia.
> >>
> > 
> > 
> > I vote for changing to a nonstandard port. These login attempts are
> > scripted, and they are not scanning ports. The odd port would not slow down
> > a determined cracker, but you are dealing with the irritation of script
> > kiddies.
> > 
> > My 2 cents...   Tom
> > 
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> > 
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
> 


---------------------------------------------
This message was sent from Downeast.Net.
http://ellsworthme.com/

More information about the K12OSN mailing list