LinuxQuestions.org
Old 10-14-2005, 08:23 AM   #1
lenlutz
Member
 
Registered: May 2003
Location: philadelhpia pa
Posts: 92

Rep: Reputation: 15
Apparent hacker Attack


Some useless punks must be trying to break into my machine
(so it appears)

I'm seeing this in /var/log/messages:

Oct 11 00:52:52 My_Machine_Name sshd(pam_unix)[12728]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ol94-241.fibertel.com.ar
Oct 11 00:52:56 My_Machine_Name sshd(pam_unix)[12730]: check pass; user unknown
Oct 11 00:52:56 My_Machine_Name sshd(pam_unix)[12730]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ol94-241.fibertel.com.ar

Oct 11 11:39:21 My_Machine_Name sshd(pam_unix)[16219]: check pass; user unknown
Oct 11 11:39:25 My_Machine_Name sshd(pam_unix)[16221]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.106.179.139


And in /var/log/secure, this is showing up:

Oct 9 20:24:20 My_Machine_Name sshd[3633]: Failed password for root from 60.248.193.86 port 56140 ssh2
Oct 9 20:24:25 My_Machine_Name sshd[3635]: Failed password for illegal user optic from 60.248.193.86 port 56462 ssh2
Oct 9 20:24:31 My_Machine_Name sshd[3637]: Failed password for illegal user service from 60.248.193.86 port 56793 ssh2
Oct 9 20:24:37 My_Machine_Name sshd[3639]: Failed password for illegal user admin from 60.248.193.86 port 57117 ssh2

A) Is there any way to block these addresses?
B) Can I increase "Failed Login Delay", to at least slow them down?
(If so, how?)
C) I don't know just how secure my machine is. How can I know, what can I do???? '-(
 
Old 10-14-2005, 08:47 AM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,176
Blog Entries: 4

Rep: Reputation: 430
Moved: This thread is more suitable in Linux-Security and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 10-14-2005, 09:10 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,669
Blog Entries: 54

Rep: Reputation: 2953
A) Is there any way to block these addresses?
Sure. Search this forum, there are a few ways. If you only allow/need ssh for administrative purposes the easiest way is to tighten access (firewall, /etc/hosts.{allow,deny}, Xinetd if you use that) to a few "known good" subnets admins ssh in from.


B) Can I increase "Failed Login Delay", to at least slow them down?
All I can say is I wouldn't waste time playing around with minor stuff like timing tricks when there's stuff to do with greater benefits.


C) I don't know just how secure my machine is. How can I know, what can I do?
Make a start hardening your box and network. Run a Nessus scan from a remote host, install and run Tiger and/or LSAT (NSAT, not Mixter's stuff) and continue by checking out the LQ FAQ: Security references.
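
Added example, not part of any post in this thread: a small Python summary of failed SSH logins per source, covering the two log formats quoted in the first post, as a way to see who is knocking before tightening access. The sample lines are constructed (documentation addresses and a hypothetical host name), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample lines in the two formats quoted in the thread
# (documentation-range addresses, not values from the original logs).
SAMPLE_LOG = """\
Oct  9 20:24:20 host sshd[3633]: Failed password for root from 203.0.113.86 port 56140 ssh2
Oct  9 20:24:25 host sshd[3635]: Failed password for illegal user optic from 203.0.113.86 port 56462 ssh2
Oct  9 20:24:31 host sshd[3637]: Failed password for illegal user service from 203.0.113.86 port 56793 ssh2
Oct  9 20:24:37 host sshd[3639]: Failed password for invalid user admin from 203.0.113.86 port 57117 ssh2
Oct 11 00:52:52 host sshd(pam_unix)[12728]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=scanner.example.net
Oct 11 00:52:56 host sshd(pam_unix)[12730]: check pass; user unknown
Oct 11 00:52:56 host sshd(pam_unix)[12730]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=scanner.example.net
Oct 11 09:00:01 host sshd[4000]: Accepted password for len from 192.0.2.10 port 40000 ssh2
Oct 11 11:39:25 host sshd(pam_unix)[16221]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=198.51.100.139
"""

# /var/log/secure style: "illegal user" (older sshd) or "invalid user" (newer).
FAILED_PW = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")
# /var/log/messages style from pam_unix: only the remote host is extracted.
PAM_FAIL = re.compile(r"sshd\(pam_unix\)\[\d+\]: authentication failure;.*\brhost=(?P<src>\S+)")

def summarize(log_text):
    """Return {source: {"failures": int, "users": set}} for failed SSH logins."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED_PW.search(line)
        if m:
            stats[m["src"]]["failures"] += 1
            stats[m["src"]]["users"].add(m["user"])
            continue
        m = PAM_FAIL.search(line)
        if m:
            stats[m["src"]]["failures"] += 1
    return dict(stats)

def noisy_sources(stats, threshold=3):
    """Sources with at least `threshold` failures, busiest first."""
    hits = [(s, d["failures"]) for s, d in stats.items() if d["failures"] >= threshold]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    for src, d in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["failures"]):
        print(f"{d['failures']:3d}  {src:22s} users: {', '.join(sorted(d['users'])) or '-'}")
```

If the same attempt is written to both /var/log/messages and /var/log/secure, feed the script one file at a time so it is not counted twice.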
 
  

