[olug] attempted attacks
Tim OBrien
IrishMASMS at OLUG.ORG
Tue Mar 8 15:35:56 UTC 2005
<quote who="Eric Lusk">
> Someone has too much time on their hands. They have
> to to be trying to log into my server. All of it's
> coming from a couple of systems in Asia, one of which
> is a web server, or at least they're masquerading as
> 202.55.229.226, along with a couple of other IP
> addresses. The attempted logins as root don't bother
> me; even I can't log in remotely as root :) But the
> above IP has been trying to guess usernames, and may
> have even brought down my internet service for a while
> yesterday. Time to implement some tighter measures,
> such as changing my ssh server port away from 22.
> I doubt the sysadmins or ISPs of any of the attacking
> systems are going to do much; in my experience, most
> Asian ISPs don't care; some even seem to be
> encouraging hackers.
> At the least, it's time to modify the users on my
> system, using unusual usernames. One of the systems
> was going through and trying to guess usernames on the system.
>
Psst: PortKnocker?
http://omaha.pm.org/emails/2004/msg00123.html
http://doorman.sourceforge.net/
--
Timothy "Irish" O'Brien
----------------------------------------------
A: No.
Q: Should I include e-mail quotations after my reply?
=====================================================
An often repeated quote on news.admin.net-abuse.email:
<I>
"Spam is not about content, it is about consent".
</i>
--------------------------------
Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?
More information about the OLUG
mailing list