Re: [SLUG] Crack Attempts

From: Chuck Hast (wchast@gmail.com)
Date: Fri Jul 15 2005 - 12:14:10 EDT


On 7/15/05, Josh Bowers <josh@gargoylesolutions.com> wrote:
> Steven Buehler wrote:
> >
> > On Jul 15, 2005, at 11:26 AM, John Pugh wrote:
> >
> >> FYI...most of these "attacks" come from already hacked
> >> computers so retaliation might be directed towards the wrong people.
> >
> >
> > There is also the possibility that the attacking computer has a forged IP
> > or is doing so through a proxy.
>
> I had these a couple of weeks ago and looked into it. It is probably
> someone's rooted box running an SSH brute force cracker.
>
> I don't know how effective it would be to try to contact the ISPs where
> these are originating, but it couldn't hurt. However, the attacks will
> keep coming so what I did is changed the default port for sshd. That
> alone stopped it. To be a little extra safe you can also disable root
> logins.

I kind of figured it was some sort of brute force cracker because the
attempts are time it takes the machine to return a login error.

And they are pretty consistent.

-- 
Chuck Hast 
To paraphrase my flight instructor;
"the only dumb question is the one you DID NOT ask resulting in my going
out and having to identify your bits and pieces in the midst of torn
and twisted metal."
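
The timing observation in the message above can be checked mechanically. The following is an added example, not part of the original thread: it groups sshd failures by source address and flags sources whose attempts arrive at near-constant intervals. It assumes OpenSSH's syslog "Failed password" line format; the log lines are constructed and the thresholds are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample sshd lines (documentation address ranges), not from the thread.
SAMPLE_LOG = """\
Jul 15 11:02:01 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 15 11:02:04 host sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jul 15 11:02:07 host sshd[4105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jul 15 11:02:10 host sshd[4107]: Failed password for invalid user test from 203.0.113.7 port 40140 ssh2
Jul 15 11:02:13 host sshd[4109]: Failed password for root from 203.0.113.7 port 40152 ssh2
Jul 15 11:02:16 host sshd[4111]: Failed password for invalid user guest from 203.0.113.7 port 40163 ssh2
Jul 15 11:05:10 host sshd[4120]: Failed password for chuck from 198.51.100.20 port 51000 ssh2
Jul 15 11:05:42 host sshd[4122]: Failed password for chuck from 198.51.100.20 port 51004 ssh2
Jul 15 11:09:03 host sshd[4130]: Failed password for chuck from 198.51.100.20 port 51010 ssh2
Jul 15 11:09:20 host sshd[4132]: Failed password for chuck from 198.51.100.20 port 51012 ssh2
Jul 15 11:15:00 host sshd[4140]: Failed password for chuck from 198.51.100.20 port 51020 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_failures(log_text, year=2005):
    """Return {source_ip: [(timestamp, username), ...]}; syslog omits the year."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            by_ip[m.group(3)].append((ts, m.group(2)))
    return by_ip

def find_scripted_sources(log_text, min_attempts=5, max_jitter=1.0):
    """Flag sources whose gaps between failures vary by <= max_jitter seconds."""
    flagged = {}
    for ip, events in parse_failures(log_text).items():
        times = sorted(t for t, _ in events)
        if len(times) < min_attempts:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter:  # steady cadence suggests a tool, not a person
            flagged[ip] = {"attempts": len(times), "mean_gap": mean(gaps),
                           "root_attempts": sum(u == "root" for _, u in events)}
    return flagged

if __name__ == "__main__":
    print(find_scripted_sources(SAMPLE_LOG))
```

The irregular source is left alone even though it has the same number of failures; only the steady cadence is flagged.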
