Security Basics mailing list archives

Re: what to do?


From: Barrie Dempster <barrie () reboot-robot net>
Date: Sat, 27 Aug 2005 11:50:06 +0100

On Thu, 2005-08-25 at 00:30 -0700, Bill Smith wrote:
> Hi Guys,
>
> I noticed that someone is trying to hack into my
> machine. Please see below the content of
> /var/log/security.
> What I would like some advice from you guys on is, what
> will I do with these people?
> btw, I do have a FW


Automated SSH scans that have been happening for a while.
If you aren't getting them then your SSH server isn't working :-P .

There are a few ways to stop them cluttering up your logs, simplest is
to put SSH on a port other than 22, as these are not often targeted
scans - they are blanket scans. Another effective technique is to drop
any IPs that appear to be brute forcing you, e.g.
http://www.debian-administration.org/articles/187

Generally this is nothing to worry about if you have decent passwords on
your user accounts, but the log clutter can be a nuisance.

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3
