Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Is this normal?

from [xyberpix] Network Security [Permanent Link]
Subject: Re: Is this normal?
Date: Sun, 24 Oct 2004 12:55:58 +0100 
I'd say setup verbose logging on SSHD, and see what they're trying to
do, may shed some light onto the subject. If you need any help with this
let me know.

xyberpix


On Thu, 2004-10-21 at 18:48, Erlend Lorentzen wrote:

Hi

I'm not very experienced with this sort of thing so please bear with me.
The following concerns my Slackware 9.1 NAT/Firewall protecting my Home
LAN from the Internet.

Checking my logs today I was a bit surprised to find about 80 refused
connection attempts to my sshd during the last month like:
Oct  7 21:22:27 firewall sshd[9710]: refused connect from
xxx.xxx.xxx.xxx

I did reverse lookups on the IP's with dig and found that the attemts
originated from a variety of hosts from Italy, Polen, Russia, Sweden and
Pakistan to name but a few.

One particular host had tried connecting 19 times with just a few
seconds between tries (is he/she just trying different commonly used
passwords?)

Now to my questions:
Is this Normal?
Should I be concerned?
Any security tips, suggestions, thoughts? (I update regularly with
swaret (SlackwareTool), use strong random passwords, tcp wrappers)
Anyone know a good guide to hardening Slackware?
Anything else you'd like to mention?

Thanks, your help is much appreciated!

Best regards Erlend.

-- 
For Security and Open Source news:
http://xyberpix.demon.co.uk

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: 0.0.0.0 Probes, xyberpix
Next by Date:  RE: Searching for Canadian IT Security agencies...., Clement Dupuis
Previous by Thread:  Re: Is this normal?, Callan K L Tham
Next by Thread:  RE: Is this normal?, Shawn Jackson
Indexes:  [Date] [Thread] [Top] [All Lists]