[olug] attempted attacks

Noel Leistad noel at metc.net
Tue Mar 8 15:59:56 UTC 2005


hosts.deny for whatever the reported whois network is. Harsh, but effective.

-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org]On Behalf Of
Eric Lusk
Sent: Tuesday, March 08, 2005 9:00 AM
To: olug
Subject: [olug] attempted attacks


Someone has too much time on their hands.  They have
to to be trying to log into my server.  All of it's
coming from a couple of systems in Asia, one of which
is a web server, or at least they're masquerading as
202.55.229.226, along with a couple of other IP
addresses.  The attempted logins as root don't bother
me; even I can't log in remotely as root :)  But the
above IP has been trying to guess usernames, and may
have even brought down my internet service for a while
yesterday.  Time to implement some tighter measures,
such as changing my ssh server port away from 22.
I doubt the sysadmins or ISPs of any of the attacking
systems are going to do much; in my experience, most
Asian ISPs don't care; some even seem to be
encouraging hackers.
At the least, it's time to modify the users on my
system, using unusual usernames.  One of the systems
was going through and trying to guess usernames on the system.

http://www.ericshaus.com
Alcohol and Calculus don't mix.  Never drink and derive.


	
		
__________________________________ 
Celebrate Yahoo!'s 10th Birthday! 
Yahoo! Netrospective: 100 Moments of the Web 
http://birthday.yahoo.com/netrospective/
_______________________________________________
OLUG mailing list
OLUG at olug.org
http://lists.olug.org/mailman/listinfo/olug



More information about the OLUG mailing list