Attempted SSH Logins
James Harrison
jamesaharrisonuk at yahoo.co.uk
Thu Aug 5 20:32:51 UTC 2004
Hello
> I understand that most of the sources of these probes are zombie drones
> or other compromised systems.
What I don't understand about this is: Why do any of it? What is to gain from
even trying to attempt to produce a "probe"? Written by a bunch of morons who
can't do anything else productive for the computing industry.
I don't take too kindly to people I don't know trying to access my system. I
have personal information that I want my family and friends to see and I don't
want some zitty 12 year old from China or some bored system engineer moron
working for a company trying to use my system as a platform to spam the rest
of the world.
>I politely emailed the technical contact responsible
That's OK if you know you won't get hundreds of spam messages back from the
person as soon as they know your email address.
I do give people the benefit of doubt. If I see anything strange from the
logwatch report for the first time I let it go. Any more after that I get a
bit annoyed.
When this company tried to access my system 2 or 3 times, this is when I
started emailing.
Sorry if I have been too vocal on this matter, but it's something I feel
strongly about.
James
--- Parker Morse <morse at sinauer.com> wrote:
>
> On Wednesday, Aug 4, 2004, at 17:00 US/Eastern, James Harrison wrote:
> > I then got on to their website, found the webmaster email account and
> > sent them a very nasty rude email along with evidence of them attempting
> > to access my machine without permission.
> >
> > Needless to say, I now don't have any problems from them.
>
> I understand that most of the sources of these probes are zombie drones
> or other compromised systems. The first time I saw such a probe
> (they're easy to spot, since the same IP will scan all three of my
> internet-facing servers on the same day) I politely emailed the
> technical contact responsible for that netblock, asking if there was
> something I should know about (or, conversely, if there was something
> *he* should know about.)
>
> They apologized profusely and explained that the infected system had
> been taken offline within an hour of the first scans.
>
> Go easy on 'em. "There but for the grace of God go you and I," or
> something like that.
>
> Going from permissive to restrictive firewalling (from "anybody except"
> to "nobody except") with SSH would be a good step. Restricting accounts
> with shell login access from SSH can't hurt, either; the no-root-logins
> configuration mentioned here recently should be mandatory.
>
> pjm
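Added example, not part of the original thread: the quoted observation that a probe is easy to spot because the same IP scans every internet-facing server on the same day can be turned into a simple log check. The sketch assumes syslog-format sshd lines gathered from several hosts; the hostnames, addresses and log lines are constructed sample data, and `cross_host_probes` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample: syslog-style sshd lines collected from three hosts.
# Hostnames and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
Aug  4 03:12:01 web1 sshd[2211]: Failed password for root from 192.0.2.44 port 4312 ssh2
Aug  4 03:12:09 mail1 sshd[1893]: Failed password for illegal user test from 192.0.2.44 port 4377 ssh2
Aug  4 03:12:15 ftp1 sshd[3120]: Failed password for illegal user guest from 192.0.2.44 port 4410 ssh2
Aug  4 09:40:52 web1 sshd[2290]: Failed password for james from 198.51.100.7 port 52011 ssh2
Aug  4 09:41:03 web1 sshd[2290]: Accepted password for james from 198.51.100.7 port 52011 ssh2
Aug  5 01:02:33 mail1 sshd[1950]: Failed password for root from 203.0.113.9 port 3999 ssh2
Aug  5 22:17:45 ftp1 sshd[3301]: Failed password for admin from 203.0.113.9 port 4102 ssh2
"""

# Matches failed password attempts; older OpenSSH logs "illegal user",
# newer versions log "invalid user" for accounts that do not exist.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
)

def cross_host_probes(log_text, min_hosts=3):
    """Return {(day, ip): sorted hosts} for sources with failed logins
    on at least min_hosts distinct hosts within the same day."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            day = " ".join(m["day"].split())  # normalise "Aug  4" to "Aug 4"
            seen[(day, m["ip"])].add(m["host"])
    return {k: sorted(h) for k, h in seen.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for (day, ip), hosts in cross_host_probes(SAMPLE_LOG).items():
        print(f"{day}: {ip} failed logins on {', '.join(hosts)}")
```

A single mistyped password from a known user stays below the threshold, while a source that walks across every server on the same day is reported with the netblock contact lookup left to the administrator.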