Re: [RLUG] Sunday afternoon fun

Mon, 06 Nov 2006 01:58:34 -0800

I used to get such automated attempts every now and then, UNTIL i changed my ssh listening port number to something other than the default (22).
To change the default sshd port, edit this file on some (all?) distros: /etc/ssh/sshd_config.  That's where it is on SUSE anyway.
Add a line, "Port 22"  where you can replace 22 with any number.

Also, some may not know where to find such attempts.  Mine shows up in /var/log/messages.

I'm curious, what is the exact command you used (well, the options and such) with `nmap`?

Jeff

Grant Kelly wrote:
I noticed someone from 219.94.133.29 scanning my ubuntu box today.
They were trying to login via SSH from a common list of names. Well, I
nmap'd em back, here's the results:

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-11-05 14:18 PST
Interesting ports on 219.94.133.29:
(The 1656 ports scanned but not shown below are in state: closed)
PORT      STATE    SERVICE        VERSION
21/tcp    open     ftp            vsftpd 2.0.4
22/tcp    open     ssh            OpenSSH 4.3 (protocol 1.99)
23/tcp    open     telnet         Linux telnetd
25/tcp    open     smtp           qmail smtpd
80/tcp    open     http           Apache httpd 2.2.2 ((Fedora))
110/tcp   open     pop3           qmail pop3d
111/tcp   open     rpcbind         2 (rpc #100000)
135/tcp   filtered msrpc
136/tcp   filtered profile
137/tcp   filtered netbios-ns
138/tcp   filtered netbios-dgm
139/tcp   filtered netbios-ssn
443/tcp   open     ssl/http       Apache httpd 2.2.2 ((Fedora))
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
888/tcp   open     ssl/http       3ware 3DM2 Serial RAID http config 2.0
10000/tcp open     http           Webmin httpd
27374/tcp filtered subseven

Service Info: Hosts: kuroha.net, medxis002.my.domain; OSs: Unix,
Linux; Device: storage-misc

-------

So if anyone wants to hack on some webmin, visit: https://219.94.133.29:10000/
or for some sort of RAID configuration utility, visit:
https://219.94.133.29:888/


Have fun,
Grant

_______________________________________________
RLUG mailing list
[email protected]
http://lists.rlug.org/mailman/listinfo/rlug 

begin:vcard
fn:Jeff Shippen
n:Shippen;Jeff
email;internet:[EMAIL PROTECTED]
x-mozilla-html:TRUE
version:2.1
end:vcard


_______________________________________________
RLUG mailing list
[email protected]
http://lists.rlug.org/mailman/listinfo/rlug

Reply via email to