Attempted SSH Logins

James Harrison jamesaharrisonuk at yahoo.co.uk
Thu Aug 5 20:32:51 UTC 2004


Hello

> I understand that most of the sources of these probes are zombie drones 
> or other compromised systems. 
What I don't understand about this is: Why do any of it?  What is to gain from
even trying to attempt to produce a "probe"?  Written by a bunch of morons who
can't do anything else productive for the computing industry.

I don't take too kindly to people I don't know trying to access my system.  I
have personal information that I want my family and friends to see and I don't
want some zitty 12 year old from China or some bored system engineer moron
working for a company trying to use my system as a platform to spam the rest
of the world.

> I politely emailed the technical contact responsible
That's OK if you know you won't get hundreds of spam messages back from the
person as soon as they know your email address.

I do give people the benefit of doubt. If I see anything strange from the
logwatch report for the first time I let it go. Any more after that I get a
bit annoyed.

When this company tried to access my system 2 or 3 times, this is when I
started emailing.

Sorry if I have been too vocal on this matter, but it's something I feel
strongly about.

James


--- Parker Morse <morse at sinauer.com> wrote:

> 
> On Wednesday, Aug 4, 2004, at 17:00 US/Eastern, James Harrison wrote:
> > I then got on to their website, found the webmaster email account and sent
> > them a very nasty rude email along with evidence of them attempting to access
> > my machine without permission.
> >
> > Needless to say, I now don't have any problems from them.
> 
> I understand that most of the sources of these probes are zombie drones 
> or other compromised systems. The first time I saw such a probe 
> (they're easy to spot, since the same IP will scan all three of my 
> internet-facing servers on the same day) I politely emailed the 
> technical contact responsible for that netblock, asking if there was 
> something I should know about (or, conversely, if there was something 
> *he* should know about.)
> 
> They apologized profusely and explained that the infected system had 
> been taken offline within an hour of the first scans.
> 
> Go easy on 'em. "There but for the grace of God go you and I," or 
> something like that.
> 
> Going from permissive to restrictive firewalling (from "anybody except" 
> to "nobody except") with SSH would be a good step. Restricting accounts 
> with shell login access from SSH can't hurt, either; the no-root-logins 
> configuration mentioned here recently should be mandatory.
> 
> pjm
> 
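
The quoted observation that a probing address is easy to spot because it hits all three servers on the same day can be turned into a log check. This is an added example, not part of the original thread: the host names, documentation-range addresses and log lines are constructed, and the pattern assumes OpenSSH's syslog "Failed password" lines.

```python
import re
from collections import defaultdict

# Syslog form: "Aug  4 14:02:11 host sshd[pid]: Failed password for ... from IP port N ssh2"
# Older OpenSSH logs "illegal user", newer releases log "invalid user".
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample: merged auth logs from three hypothetical servers.
SAMPLE_LOG = """\
Aug  4 14:02:11 web1 sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Aug  4 14:02:15 web1 sshd[2103]: Failed password for root from 192.0.2.10 port 40120 ssh2
Aug  4 14:07:40 mail1 sshd[877]: Failed password for illegal user guest from 192.0.2.10 port 40391 ssh2
Aug  4 14:11:02 ftp1 sshd[3310]: Failed password for root from 192.0.2.10 port 40502 ssh2
Aug  4 09:15:33 web1 sshd[1999]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Aug  4 09:15:41 web1 sshd[1999]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Aug  4 22:30:01 web1 sshd[2500]: Failed password for root from 203.0.113.5 port 33001 ssh2
Aug  4 22:31:09 mail1 sshd[901]: Failed password for root from 203.0.113.5 port 33040 ssh2
Aug  5 00:02:17 ftp1 sshd[3402]: Failed password for root from 203.0.113.5 port 33100 ssh2
""".splitlines()


def cross_host_probes(lines, min_hosts=3):
    """Return {(day, ip): sorted hosts} for source IPs with failed SSH
    logins on at least min_hosts distinct hosts within one calendar day."""
    seen = defaultdict(set)
    for line in lines:
        m = FAILED.match(line)
        if m:
            day = " ".join(m["day"].split())  # normalise "Aug  4" to "Aug 4"
            seen[(day, m["ip"])].add(m["host"])
    return {key: sorted(hosts) for key, hosts in seen.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for (day, ip), hosts in sorted(cross_host_probes(SAMPLE_LOG).items()):
        print(f"{day}: {ip} failed logins on {', '.join(hosts)}")
```

A single mistyped password from one user on one host is not flagged, and a source whose attempts straddle midnight only appears once the threshold is lowered.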
