Re: [SLUG] SSH "Attack"
In the worst, somebody is trying to brute force your servers, which is virtually impossible via Internet if you do enforce relatively strong passwords. And in the less, it's just some random attempts.

However, if you're pretty sure somebody is trying to obtain access to your servers, you could install an easy to configure service such as Apache to be your honeypot, and put some "seems interesting" data, such as a "lost" password file in your htdocs. You could then check if someone is trying to use those passwords to log in. It is very likely that you will get some interesting information in Apache's logs about your fellas.

On Sun, 26 Sep 2004 13:12:46 +1000, Phil Scarratt <[EMAIL PROTECTED]> wrote:
> Howdy
>
> Over the last 3-4 days all machines under my control with public access
> have logged attempts by someone(people) to log in via ssh (only port
> that is open on the machines). They've tried usernames like test, admin,
> root and a half a dozen other generic system usernames. They're using,
> in some cases, unresolvable ip addresses, and some of the same ip
> addresses pop up on totally unrelated machines. As far as I can tell
> they haven't succeeded.
>
> Anyone else been getting such attacks? Just seems a little odd that all
> of a sudden after a long period of silence, someone (peoples) tries now.
>
> Fil

--
Julio C. Ody
http://rootshell.be/~julioody

-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/SS/CC d@ s: a? C++(+++) ULB+++$ P L+++$ !E W++(+++) N+ !o K- !w O- M V- PS+ PE Y+ PGP++(-) t 5 X R+ tv-- b++ DI-- D+ G++ e h r+ y++*
--END GEEK CODE BLOCK--

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] SSH "Attack"
Hey Fil,

I too have been getting daily SSH attempts. Running:

    grep Illegal /var/log/auth.log

usually reveals something like:

    Sep 20 07:10:32 localhost sshd[7326]: Illegal user test from :::203.71.62.9
    Sep 20 07:10:34 localhost sshd[7328]: Illegal user guest from :::203.71.62.9
    Sep 20 07:10:36 localhost sshd[7330]: Illegal user admin from :::203.71.62.9
    etc

According to a friend of mine (he's getting scanned too) it's someone from Japan scanning the Internet for insecure boxes. My guess is that someone has control of a horde of zombies and is scanning around randomly.

As long as you aren't using insecure passwords and your system is up-to-date there's nothing they can do. Also, I don't recommend allowing root SSH access...make sure you're using sudo instead.

nullobject.

On Sun, 26 Sep 2004 13:12:46 +1000, Phil Scarratt <[EMAIL PROTECTED]> wrote:
> Howdy
>
> Over the last 3-4 days all machines under my control with public access
> have logged attempts by someone(people) to log in via ssh (only port
> that is open on the machines). They've tried usernames like test, admin,
> root and a half a dozen other generic system usernames. They're using,
> in some cases, unresolvable ip addresses, and some of the same ip
> addresses pop up on totally unrelated machines. As far as I can tell
> they haven't succeeded.
>
> Anyone else been getting such attacks? Just seems a little odd that all
> of a sudden after a long period of silence, someone (peoples) tries now.
>
> Fil
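An added example, not part of the original messages: the grep above lists every failed attempt, while this sketch groups the same "Illegal user" lines by source address so a scanner hitting many usernames stands out. The sample log lines are constructed, and the function name summarise_illegal_users is an assumption of the example.

```shell
#!/bin/sh
# Added example: summarise sshd "Illegal user" lines per source address.
# The sample lines are constructed (documentation address ranges) and
# follow the log format quoted in the message above.
SAMPLE_LOG='Sep 20 07:10:32 localhost sshd[7326]: Illegal user test from ::ffff:192.0.2.9
Sep 20 07:10:34 localhost sshd[7328]: Illegal user guest from ::ffff:192.0.2.9
Sep 20 07:10:36 localhost sshd[7330]: Illegal user admin from ::ffff:192.0.2.9
Sep 20 09:41:02 localhost sshd[7411]: Accepted password for fil from 198.51.100.20 port 40022 ssh2
Sep 21 03:15:10 localhost sshd[8102]: Illegal user test from 198.51.100.77
Sep 21 03:15:12 localhost sshd[8104]: Illegal user test from 198.51.100.77'

# Reads syslog lines on stdin and prints, busiest source first:
#   <attempts> <address> <comma-separated usernames tried>
summarise_illegal_users() {
    awk '
    {
        p = index($0, "]: Illegal user ")
        if (p == 0 || $0 !~ / sshd\[[0-9]+\]: / || $(NF-1) != "from") next
        ip = $NF
        # The username is supplied by the remote side and may contain
        # spaces or the word "from", so take everything between the fixed
        # prefix and the final " from <addr>" instead of a field position.
        user = substr($0, p + 16)
        user = substr(user, 1, length(user) - length(" from " ip))
        # Drop a colon prefix such as ::ffff: so both forms aggregate.
        if (ip ~ /:[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) sub(/^.*:/, "", ip)
        count[ip]++
        if (!((ip, user) in seen)) {
            seen[ip, user] = 1
            users[ip] = (users[ip] == "" ? user : users[ip] "," user)
        }
    }
    END { for (ip in count) print count[ip], ip, users[ip] }
    ' | sort -k1,1nr -k2,2
}

# On a live host: summarise_illegal_users < /var/log/auth.log
printf '%s\n' "$SAMPLE_LOG" | summarise_illegal_users
```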
Re: [SLUG] SSH "Attack"
Phil Scarratt wrote:
> Anyone else been getting such attacks? Just seems a little odd that all
> of a sudden after a long period of silence, someone (peoples) tries now.

yep we are seeing more and more of these all the time. if dns doesn't help you locate them, you can whois their ip and get some information from it.

I believe most of them come from overseas (if not all), so it might be worth while using tcpwrappers to limit connections from whole netblocks. hosts.deny blocks all ssh access and hosts.allow allows it for certain subnets. Most modern sshds have tcpwrappers support in them.

dave
[SLUG] SSH "Attack"
Howdy

Over the last 3-4 days all machines under my control with public access have logged attempts by someone(people) to log in via ssh (only port that is open on the machines). They've tried usernames like test, admin, root and a half a dozen other generic system usernames. They're using, in some cases, unresolvable ip addresses, and some of the same ip addresses pop up on totally unrelated machines. As far as I can tell they haven't succeeded.

Anyone else been getting such attacks? Just seems a little odd that all of a sudden after a long period of silence, someone (peoples) tries now.

Fil

--
F I R E F O X
www.getfirefox.com
Re: [SLUG] University of Wollongong
Ashley Maher wrote:
> G'day,
>
> Today an Installfest was held at the University of Wollongong. At lunch
> 40 participants were catered for. It is believed over 50 participants
> attended the day.
>
> A big thanks to SLUG, Jan, Bruce, Craig and Chris. Without their
> assistance today would not have been the success that it most assuredly was.
>
> Regards,
>
> Ashley

Great to hear of the success but damn it if I didn't forget it was on - even left the original msg in the inbox so I'd remember for Sat - dangnabbit!!!

Fil

--
F I R E F O X
www.getfirefox.com
[SLUG] Sharing SATA disk
I'm running 2.6.7 kernel with low-latency patches for audio file processing.

It seems to me that when 2 separate apps are writing to the SATA hard disk (e.g. copy contents from IDE CDRom and 56k internet file download) the CD file copy slows to a crawl - i.e. the total time taken to write data is far more than just the sum of the 2 processes.

Is this a consequence of low-latency patches? Internet download at 56k won't be writing very fast to the disk, and copy from a CDROM on the separate IDE channel should only take a few seconds rather than minutes for 650 meg. ???

thanks
Rod

--
Brought to you by a thunderbird, penguin, gnu and a camel
[SLUG] some basic training
Hi there,

I could do with a little knowledge. I run a Debian Linux platform set up by a mate, Matt Davidson. So I don't have to pester him with long distance phone calls, want to get a bit of basic info and would like to know if anyone is running a course in how to use some of the open source programmes for SVG, Sodipodi and the like. Will try and make it to your meeting Oct 29th.

RAY.
Re: [activities] Re: [SLUG] University of Wollongong
> On Sat, 2004-09-25 at 18:13 +1000, Ashley Maher wrote:
>
> > Today an Installfest was held at the University of Wollongong. At lunch
> > 40 participants were catered for. It is believed over 50 participants
> > attended the day.
>
> Hopefully such a strong turnout sows the seeds of a healthy users group
> potentially starting up in Wollongong. There were plenty of sharp minds
> and enthusiasm in the turn out. Great day Ashley.

It was certainly a good kickoff for such a group. Thank you to Ashley, Greg and Daniel for lining everything up and making it happen so successfully.

Cheers,
Jan.

--
Jan Schmidt [EMAIL PROTECTED]

It is hard to believe that a man is telling the truth when you know that you would lie if you were in his place. - H.L. Mencken
Re: [SLUG] University of Wollongong
On Sat, 2004-09-25 at 18:13 +1000, Ashley Maher wrote:
> Today an Installfest was held at the University of Wollongong. At lunch
> 40 participants were catered for. It is believed over 50 participants
> attended the day.

Hopefully such a strong turnout sows the seeds of a healthy users group potentially starting up in Wollongong. There were plenty of sharp minds and enthusiasm in the turn out. Great day Ashley.

--
When you are about to die, a wombat is better than no company at all.
-- Roger Zelazny, "Doorways in the Sand"
Re: [SLUG] University of Wollongong
It was great to see all the Powerbook and iBook users :) *winks*

On Sat, 25 Sep 2004 18:13:26 +1000, Ashley Maher <[EMAIL PROTECTED]> wrote:
> G'day,
>
> Today an Installfest was held at the University of Wollongong. At lunch
> 40 participants were catered for. It is believed over 50 participants
> attended the day.
>
> A big thanks to SLUG, Jan, Bruce, Craig and Chris. Without their
> assistance today would not have been the success that it most assuredly was.
>
> Regards,
>
> Ashley
[SLUG] University of Wollongong
G'day,

Today an Installfest was held at the University of Wollongong. At lunch 40 participants were catered for. It is believed over 50 participants attended the day.

A big thanks to SLUG, Jan, Bruce, Craig and Chris. Without their assistance today would not have been the success that it most assuredly was.

Regards,

Ashley