[olug] attempted attacks

Eric Lusk wyrmzr72 at yahoo.com
Tue Mar 8 17:26:41 UTC 2005


Yeah, I'm checking into several possibilities; just
have the inability to log in as root, and setting a
limit on login attempts is enough to deter most
automated systems, at least.
Anyone doing the attempts live is really bored.  I'll
change usernames to non-standard names; I noticed the
attempts were using common names to log in, like adam,
etc.  So even adding numbers or using hackerspeak on
usernames will greatly reduce the chance of an
automated system getting in.  That, and making sure no
one is using anything like a real word for a password.
(If you can guess my password, and then su as root, I
must simply congratulate you.)
--- Sean Edwards <cybersean3000 at yahoo.com> wrote:
> You could also go the other direction, and provide a
> honey pot.
> 
> Honeyd is pretty powerful (http://www.honeyd.org), but
> here is a list of commercial and Open Sores honey pots:
> 
> http://www.tracking-hackers.com/solutions/
> 
> Here is dogpile search for other honey pot info:
> http://www.dogpile.com/info.dogpl/search/web/linux%2Bhoneypot
> 
> -=Sean=-
> 
> --- Eric Lusk <wyrmzr72 at yahoo.com> wrote:
> > Someone has too much time on their hands.  They have
> > to be trying to log into my server.  All of it's
> > coming from a couple of systems in Asia, one of which
> > is a web server, or at least they're masquerading as
> > 202.55.229.226, along with a couple of other IP
> > addresses.  The attempted logins as root don't bother
> > me; even I can't log in remotely as root :)  But the
> > above IP has been trying to guess usernames, and may
> > have even brought down my internet service for a while
> > yesterday.  Time to implement some tighter measures,
> > such as changing my ssh server port away from 22.
> > I doubt the sysadmins or ISPs of any of the attacking
> > systems are going to do much; in my experience, most
> > Asian ISPs don't care; some even seem to be
> > encouraging hackers.
> > At the least, it's time to modify the users on my
> > system, using unusual usernames.  One of the systems
> > was going through and trying to guess usernames on
> > the system.
> > 
> > http://www.ericshaus.com
> > Alcohol and Calculus don't mix.  Never drink and derive.
> > 
> > 
> > 	
> > 		
> > __________________________________ 
> > Celebrate Yahoo!'s 10th Birthday! 
> > Yahoo! Netrospective: 100 Moments of the Web 
> > http://birthday.yahoo.com/netrospective/
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > http://lists.olug.org/mailman/listinfo/olug
> > 

http://www.ericshaus.com
Alcohol and Calculus don't mix.  Never drink and derive.
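
The thread describes failed root logins and a source guessing common usernames such as adam. The following is an added example, not part of the original posts, showing one way to separate those two patterns per source address in sshd logs. It assumes OpenSSH "Failed password" log lines; the thresholds, function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# "illegal user" is the older OpenSSH wording for "invalid user". The greedy (.+)
# binds to the last " from <ip> port <n>", so text inside a user name is not read as the source.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user |illegal user )?"
                    r"(.+) from (\S+) port \d+(?: ssh2)?\s*$")

# Constructed sample lines (documentation-range addresses, not real data).
SAMPLE_LOG = """\
Mar  7 03:12:01 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  7 03:12:04 host sshd[4103]: Failed password for illegal user adam from 203.0.113.7 port 40118 ssh2
Mar  7 03:12:07 host sshd[4105]: Failed password for illegal user alice from 203.0.113.7 port 40125 ssh2
Mar  7 03:12:10 host sshd[4107]: Failed password for invalid user bob from 203.0.113.7 port 40131 ssh2
Mar  7 04:00:01 host sshd[4201]: Failed password for root from 198.51.100.20 port 51000 ssh2
Mar  7 04:00:03 host sshd[4203]: Failed password for root from 198.51.100.20 port 51004 ssh2
Mar  7 04:00:05 host sshd[4205]: Failed password for root from 198.51.100.20 port 51009 ssh2
Mar  7 04:00:07 host sshd[4207]: Failed password for root from 198.51.100.20 port 51013 ssh2
Mar  7 04:00:09 host sshd[4209]: Failed password for root from 198.51.100.20 port 51020 ssh2
Mar  7 09:30:00 host sshd[4300]: Failed password for localuser from 192.0.2.10 port 60001 ssh2
Mar  7 09:30:08 host sshd[4300]: Accepted password for localuser from 192.0.2.10 port 60001 ssh2
"""

def summarize(lines):
    """Count failed logins and collect nonexistent account names tried, per source IP."""
    stats = defaultdict(lambda: {"failures": 0, "unknown_users": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        unknown, user, ip = m.groups()
        stats[ip]["failures"] += 1
        if unknown:
            stats[ip]["unknown_users"].add(user)
    return dict(stats)

def classify(stats, min_failures=5, min_unknown=3):
    """Label sources; thresholds are illustrative assumptions, tune them per host."""
    findings = {}
    for ip, s in stats.items():
        if len(s["unknown_users"]) >= min_unknown:
            findings[ip] = "username guessing"
        elif s["failures"] >= min_failures:
            findings[ip] = "password guessing"
    return findings

if __name__ == "__main__":
    for ip, verdict in classify(summarize(SAMPLE_LOG.splitlines())).items():
        print(ip, verdict)
```

A single mistyped password from a legitimate user (the 192.0.2.10 lines) stays below both thresholds and is not flagged.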


	
		