Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: what to do?

From: "Rochford, Paul (BOI Compliance)" <paul.rochford () hp com>
Date: Sun, 28 Aug 2005 14:41:31 +0100
Just looks like an automated brute force attempt. You could either block
the offending ip address at the firewall or implement tcp wrappers on
sshd. Or disable ssh access from the net to your server completely. Not
sure chasing the people will do any good as someone else could easily do
the same thing.


Kind Regards,
Paul Rochford 



-----Original Message-----
From: Bill Smith [mailto:vinet138 () yahoo com] 
Sent: Thursday, August 25, 2005 8:30 AM
To: security-basics () securityfocus com
Subject: what to do?

Hi Guys,

I noticed that someone is trying to hacker into my machine. Please see
below is the content of /var/log/security.
what I would like some advice of you guys is, what will I do with these
people?
btw, I do have FW

Cheers,

Bill

Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer from 80.68.204.50
Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer from 80.68.204.50
Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer from 80.68.204.50
Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf from 80.68.204.50
Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose from 80.68.204.50
Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose from 80.68.204.50
Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges from 80.68.204.50
Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges from 80.68.204.50
Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges from 80.68.204.50
Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling from 80.68.204.50
Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling from 80.68.204.50
Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling from 80.68.204.50
Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge from 80.68.204.50
Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge from 80.68.204.50
Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge from 80.68.204.50
Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham from 80.68.204.50
Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham from 80.68.204.50
Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham from 80.68.204.50
Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm from 80.68.204.50
Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm from 80.68.204.50
Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm from 80.68.204.50
Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa from 80.68.204.50
Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa from 80.68.204.50
Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa from 80.68.204.50
Aug 24 17:56:47 tiger sshd[8281]: Invalid user green from 80.68.204.50
Aug 24 17:56:48 tiger sshd[8283]: Invalid user green from 80.68.204.50
Aug 24 17:56:48 tiger sshd[8285]: Invalid user green from 80.68.204.50
Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey from 80.68.204.50
Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey from 80.68.204.50
Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey from 80.68.204.50
Aug 24 17:56:51 tiger sshd[8293]: Invalid user group from 80.68.204.50
Aug 24 17:56:52 tiger sshd[8295]: Invalid user group from 80.68.204.50
Aug 24 17:56:52 tiger sshd[8297]: Invalid user group from 80.68.204.50
Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon from 80.68.204.50
Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon from 80.68.204.50
Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon from 80.68.204.50
Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci from 80.68.204.50


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: