Network Security: Detailed info on RE: what to do?

Subject:	RE: what to do?
Date:	Tue, 30 Aug 2005 12:48:41 +1000

Hi Bill,

Have a read of the following:
http://blog.andrew.net.au/2005/02/17#ipt_recent_and_ssh_attacks

It basically means rate limiting your SSH to avoid script kiddies using
tools to brute force attack. Or for a quick bandaid solution you can
always have sshd listen on a non-standard port ;)

-- 
Shaineel Singh
e: mailto: shane@nextwaveaudio.com.au 
w: http://nextwaveaudio.com.au/shsingh 
p: 0424 620 254

-- 
Diamonds have no value except that which is placed upon them.

-----Original Message-----
From: Bill Smith [mailto:vinet138@yahoo.com] 
Sent: Thursday, 25 August 2005 5:30 PM
To: security-basics@securityfocus.com
Subject: what to do?


Hi Guys,

I noticed that someone is trying to hacker into my
machine. Please see below is the content of
/var/log/security.
what I would like some advice of you guys is, what
will I do with these people?
btw, I do have FW

Cheers,

Bill

Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer
from 80.68.204.50
Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer
from 80.68.204.50
Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer
from 80.68.204.50
Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf
from 80.68.204.50
Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf
from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose
from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose
from 80.68.204.50
Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose
from 80.68.204.50
Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges
from 80.68.204.50
Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges
from 80.68.204.50
Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges
from 80.68.204.50
Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling
from 80.68.204.50
Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling
from 80.68.204.50
Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling
from 80.68.204.50
Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge
from 80.68.204.50
Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge
from 80.68.204.50
Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge
from 80.68.204.50
Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham
from 80.68.204.50
Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham
from 80.68.204.50
Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham
from 80.68.204.50
Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm
from 80.68.204.50
Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm
from 80.68.204.50
Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm
from 80.68.204.50
Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa
from 80.68.204.50
Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa
from 80.68.204.50
Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa
from 80.68.204.50
Aug 24 17:56:47 tiger sshd[8281]: Invalid user green
from 80.68.204.50
Aug 24 17:56:48 tiger sshd[8283]: Invalid user green
from 80.68.204.50
Aug 24 17:56:48 tiger sshd[8285]: Invalid user green
from 80.68.204.50
Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey
from 80.68.204.50
Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey
from 80.68.204.50
Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey
from 80.68.204.50
Aug 24 17:56:51 tiger sshd[8293]: Invalid user group
from 80.68.204.50
Aug 24 17:56:52 tiger sshd[8295]: Invalid user group
from 80.68.204.50
Aug 24 17:56:52 tiger sshd[8297]: Invalid user group
from 80.68.204.50
Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon
from 80.68.204.50
Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon
from 80.68.204.50
Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon
from 80.68.204.50
Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci
from 80.68.204.50


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

<Prev in Thread]	Current Thread	[Next in Thread>
RE: what to do?, (continued) RE: what to do?, Eduardo Suzuki Re: what to do?, morph84 Re: what to do?, cam Re: what to do?, zp Re: what to do?, Barrie Dempster Re: what to do?, paavan shah Re: what to do?, Alexander Klimov Re: what to do?, Anthony J Placilla RE: what to do?, Mehmet Buyukozer RE: what to do?, Rochford, Paul (BOI Compliance) RE: what to do?, Shane Singh <= Re: what to do?, Steve.Cummings RE: what to do?, Shane Singh Re: what to do?, zp

Previous by Date:	RE: Computer forensics to uncover illegal internet use, McHenry, Glenn CTO1
Next by Date:	snort & manager-prelude, viktorija
Previous by Thread:	RE: what to do?, Rochford, Paul (BOI Compliance)
Next by Thread:	Re: what to do?, Steve.Cummings
Indexes:	[Date] [Thread] [Top] [All Lists]