Security Basics mailing list archives
Re: what to do?
From: Jonathan Loh <kj6loh () yahoo com>
Date: Fri, 26 Aug 2005 21:05:27 -0700 (PDT)
You could deny the host by entering ALL:80.68.204.50 in /etc/hosts.deny or if this is your private machine. Do what I do in /etc/hosts.allow enter all the IP's (ranges, hosts). and in /etc/hosts.deny. deny everybody. IE. /etc/hosts.allow sshd:a.b.c.d e.f.g.h/snm [EXCEPT i.j.k.l[/snm]] and in /etc/hosts.deny ALL:ALL This way you are only allowing various hosts access to your machine. This of course will not block ip spoofing but it will stop a lot of the attacks. If this is a corporate machine, I would do it the first way. --- Bill Smith <vinet138 () yahoo com> wrote:
Hi Guys, I noticed that someone is trying to hacker into my machine. Please see below is the content of /var/log/security. what I would like some advice of you guys is, what will I do with these people? btw, I do have FW Cheers, Bill Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer from 80.68.204.50 Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer from 80.68.204.50 Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer from 80.68.204.50 Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf from 80.68.204.50 Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf from 80.68.204.50 Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose from 80.68.204.50 Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose from 80.68.204.50 Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose from 80.68.204.50 Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges from 80.68.204.50 Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges from 80.68.204.50 Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges from 80.68.204.50 Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling from 80.68.204.50 Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling from 80.68.204.50 Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling from 80.68.204.50 Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge from 80.68.204.50 Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge from 80.68.204.50 Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge from 80.68.204.50 Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham from 80.68.204.50 Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham from 80.68.204.50 Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham from 80.68.204.50 Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm from 80.68.204.50 Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm from 80.68.204.50 Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm from 80.68.204.50 Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa from 80.68.204.50 Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa from 80.68.204.50 Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa from 80.68.204.50 Aug 24 17:56:47 tiger sshd[8281]: Invalid user green from 80.68.204.50 Aug 24 17:56:48 tiger sshd[8283]: Invalid user green from 80.68.204.50 Aug 24 17:56:48 tiger sshd[8285]: Invalid user green from 80.68.204.50 Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey from 80.68.204.50 Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey from 80.68.204.50 Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey from 80.68.204.50 Aug 24 17:56:51 tiger sshd[8293]: Invalid user group from 80.68.204.50 Aug 24 17:56:52 tiger sshd[8295]: Invalid user group from 80.68.204.50 Aug 24 17:56:52 tiger sshd[8297]: Invalid user group from 80.68.204.50 Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon from 80.68.204.50 Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon from 80.68.204.50 Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon from 80.68.204.50 Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci from 80.68.204.50 __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Current thread:
- what to do? Bill Smith (Aug 26)
- Re: what to do? Jayson Anderson (Aug 29)
- Re: what to do? AragonX (Aug 30)
- Re: what to do? Ansgar -59cobalt- Wiechers (Aug 29)
- Re: what to do? Alexander Bolante (Aug 29)
- Re: what to do? Robert Escue (Aug 29)
- Re: what to do? Bow Sineath (Aug 29)
- Re: what to do? Leif Ericksen (Aug 31)
- Re: what to do? Duncan (Aug 29)
- Re: what to do? Jonathan Loh (Aug 29)
- RE: what to do? Eduardo Suzuki (Aug 30)
- Re: what to do? morph84 (Aug 29)
- Re: what to do? cam (Aug 30)
- Re: what to do? zp (Aug 30)
- Re: what to do? cam (Aug 30)
- Re: what to do? Barrie Dempster (Aug 29)
- Re: what to do? paavan shah (Aug 29)
- Re: what to do? Alexander Klimov (Aug 30)
- Re: what to do? Anthony J Placilla (Aug 30)
- RE: what to do? Mehmet Buyukozer (Aug 31)
- <Possible follow-ups>
- RE: what to do? Rochford, Paul (BOI Compliance) (Aug 30)
(Thread continues...)
- Re: what to do? Jayson Anderson (Aug 29)