[olug] attempted attacks

Tim OBrien IrishMASMS at OLUG.ORG
Tue Mar 8 15:35:56 UTC 2005


<quote who="Eric Lusk">
> Someone has too much time on their hands.  They have
> to to be trying to log into my server.  All of it's
> coming from a couple of systems in Asia, one of which
> is a web server, or at least they're masquerading as
> 202.55.229.226, along with a couple of other IP
> addresses.  The attempted logins as root don't bother
> me; even I can't log in remotely as root :)  But the
> above IP has been trying to guess usernames, and may
> have even brought down my internet service for a while
> yesterday.  Time to implement some tighter measures,
> such as changing my ssh server port away from 22.
> I doubt the sysadmins or ISPs of any of the attacking
> systems are going to do much; in my experience, most
> Asian ISPs don't care; some even seem to be
> encouraging hackers.
> At the least, it's time to modify the users on my
> system, using unusual usernames.  One of the systems
> was going through and trying to guess usernames on the system.
>

Psst: PortKnocker?

http://omaha.pm.org/emails/2004/msg00123.html
http://doorman.sourceforge.net/



-- 
Timothy "Irish" O'Brien

----------------------------------------------
A: No.
Q: Should I include e-mail quotations after my reply?
=====================================================
An often repeated quote on news.admin.net-abuse.email:
<I>
"Spam is not about content, it is about consent".
</i>
--------------------------------
Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?




More information about the OLUG mailing list