Network Security: Detailed info on RE: what to do?

Subject:	RE: what to do?
Date:	Tue, 30 Aug 2005 18:58:30 -0400

You can use "port knocking" approach to prevent these attacks. This will
solve most of your problems when combined with 

- changing default port 22 to something else
- setting number of authentication-retries


Check this link for port knocking solution for ssh
http://aplawrence.com/Security/sshloginattack.html

also for portknocking 
http://www.portknocking.org/

hope this helps.


Mehmet
www.sonofnights.com



-----Original Message-----
From: Bill Smith [mailto:vinet138@yahoo.com] 
Sent: Thursday, August 25, 2005 3:30 AM
To: security-basics@securityfocus.com
Subject: what to do?

Hi Guys,

I noticed that someone is trying to hacker into my
machine. Please see below is the content of
/var/log/security.
what I would like some advice of you guys is, what
will I do with these people?
btw, I do have FW

Cheers,

Bill

Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer
from 80.68.204.50
Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer
from 80.68.204.50
Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer
from 80.68.204.50
Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf
from 80.68.204.50
Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf
from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose
from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose
from 80.68.204.50
Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose
from 80.68.204.50
Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges
from 80.68.204.50
Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges
from 80.68.204.50
Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges
from 80.68.204.50
Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling
from 80.68.204.50
Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling
from 80.68.204.50
Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling
from 80.68.204.50
Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge
from 80.68.204.50
Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge
from 80.68.204.50
Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge
from 80.68.204.50
Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham
from 80.68.204.50
Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham
from 80.68.204.50
Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham
from 80.68.204.50
Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm
from 80.68.204.50
Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm
from 80.68.204.50
Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm
from 80.68.204.50
Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa
from 80.68.204.50
Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa
from 80.68.204.50
Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa
from 80.68.204.50
Aug 24 17:56:47 tiger sshd[8281]: Invalid user green
from 80.68.204.50
Aug 24 17:56:48 tiger sshd[8283]: Invalid user green
from 80.68.204.50
Aug 24 17:56:48 tiger sshd[8285]: Invalid user green
from 80.68.204.50
Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey
from 80.68.204.50
Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey
from 80.68.204.50
Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey
from 80.68.204.50
Aug 24 17:56:51 tiger sshd[8293]: Invalid user group
from 80.68.204.50
Aug 24 17:56:52 tiger sshd[8295]: Invalid user group
from 80.68.204.50
Aug 24 17:56:52 tiger sshd[8297]: Invalid user group
from 80.68.204.50
Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon
from 80.68.204.50
Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon
from 80.68.204.50
Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon
from 80.68.204.50
Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci
from 80.68.204.50


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

<Prev in Thread]	Current Thread	[Next in Thread>
Re: what to do?, (continued) Re: what to do?, Duncan Re: what to do?, Jonathan Loh RE: what to do?, Eduardo Suzuki Re: what to do?, morph84 Re: what to do?, cam Re: what to do?, zp Re: what to do?, Barrie Dempster Re: what to do?, paavan shah Re: what to do?, Alexander Klimov Re: what to do?, Anthony J Placilla RE: what to do?, Mehmet Buyukozer <= RE: what to do?, Rochford, Paul (BOI Compliance) RE: what to do?, Shane Singh Re: what to do?, Steve.Cummings RE: what to do?, Shane Singh Re: what to do?, zp

Previous by Date:	Re: University Degree or CISSP, Steven Kalcevich
Next by Date:	RE: University Degree or CISSP, tbost
Previous by Thread:	Re: what to do?, Anthony J Placilla
Next by Thread:	RE: what to do?, Rochford, Paul (BOI Compliance)
Indexes:	[Date] [Thread] [Top] [All Lists]