Network Security: Detailed info on Re: what to do?

Subject:	Re: what to do?
Date:	Sat, 27 Aug 2005 11:33:54 +0200

Bill Smith wrote:

Hi Guys,

I noticed that someone is trying to hacker into my
machine. Please see below is the content of
/var/log/security.
what I would like some advice of you guys is, what
will I do with these people?
btw, I do have FW

Cheers,

Bill

Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer
from 80.68.204.50
Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer
from 80.68.204.50
Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer
from 80.68.204.50
Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf
from 80.68.204.50
Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf
from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose
from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose
from 80.68.204.50
Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose
from 80.68.204.50
Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges
from 80.68.204.50
Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges
from 80.68.204.50
Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges
from 80.68.204.50
Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling
from 80.68.204.50
Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling
from 80.68.204.50
Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling
from 80.68.204.50
Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge
from 80.68.204.50
Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge
from 80.68.204.50
Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge
from 80.68.204.50
Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham
from 80.68.204.50
Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham
from 80.68.204.50
Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham
from 80.68.204.50
Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm
from 80.68.204.50
Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm
from 80.68.204.50
Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm
from 80.68.204.50
Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa
from 80.68.204.50
Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa
from 80.68.204.50
Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa
from 80.68.204.50
Aug 24 17:56:47 tiger sshd[8281]: Invalid user green
from 80.68.204.50
Aug 24 17:56:48 tiger sshd[8283]: Invalid user green
from 80.68.204.50
Aug 24 17:56:48 tiger sshd[8285]: Invalid user green
from 80.68.204.50
Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey
from 80.68.204.50
Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey
from 80.68.204.50
Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey
from 80.68.204.50
Aug 24 17:56:51 tiger sshd[8293]: Invalid user group
from 80.68.204.50
Aug 24 17:56:52 tiger sshd[8295]: Invalid user group
from 80.68.204.50
Aug 24 17:56:52 tiger sshd[8297]: Invalid user group
from 80.68.204.50
Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon
from 80.68.204.50
Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon
from 80.68.204.50
Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon
from 80.68.204.50
Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci
from 80.68.204.50


Hi Bill,
I haven't much experience and i am not sure, but it looks like a
dictionary attack over your ssh deamon.
First if yuo dont need ssh stop the deamon. :-)
Else one way is to run ssh on a different port or, if possible, restrict
access by source IP address.
If you don't absolutely need a login based on a password, you could also
authenticate via ssh keys (man ssh-keygen). Then you can turn off password
based authentication.
I think that there are many others ways, for more information look at
the archives of securityfocus.
Sorry for my english.
Regards.


-- 
Morph84

Fedora 3/4 GNU/Linux User

1° mail:  lucas84@uno.it
2° mail:  morph84@gmail.com
IRC:      irc.azzurra.net -> #linuxmania-#hackerkulture-#fedora-it-#disi
Jabber:   morph84@jabber.linux.it
GPG Key:  BED280B0 on keyserver.linux.it
web page: http://freenet.sourceforge.net - www.gugli.it - 
www.nosoftwarepatents.com-www.python.it


What is "real"?
How do you define "real"?
If you are talking about what you can feel...what you can
smell,taste and see...then real is simply electrical signal
interpreted by your brain.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: what to do?, (continued) Re: what to do?, Jayson Anderson Re: what to do?, AragonX Re: what to do?, Ansgar -59cobalt- Wiechers Re: what to do?, Alexander Bolante Re: what to do?, Robert Escue Re: what to do?, Bow Sineath Re: what to do?, Leif Ericksen Re: what to do?, Duncan Re: what to do?, Jonathan Loh RE: what to do?, Eduardo Suzuki Re: what to do?, morph84 <= Re: what to do?, cam Re: what to do?, zp Re: what to do?, Barrie Dempster Re: what to do?, paavan shah Re: what to do?, Alexander Klimov Re: what to do?, Anthony J Placilla RE: what to do?, Mehmet Buyukozer RE: what to do?, Rochford, Paul (BOI Compliance) RE: what to do?, Shane Singh Re: what to do?, Steve.Cummings

Previous by Date:	Re: what to do?, Jonathan Loh
Next by Date:	Re: what to do?, Barrie Dempster
Previous by Thread:	RE: what to do?, Eduardo Suzuki
Next by Thread:	Re: what to do?, cam
Indexes:	[Date] [Thread] [Top] [All Lists]