LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-10-2006, 07:07 PM   #1
impulse()
Member
 
Registered: May 2006
Posts: 38

Rep: Reputation: 15
Growing ever concerned about attacks on SSH


Over the past few weeks I noticed many failed logins from various IPs on Samba and SSHD. After advice given on here I was pointed towards DenyHosts which seemed to be doing its job correctly. I've checked my roots mail just and I see.



PHP Code:
Connections Denied:
    
lib/access.c:check_access(328)  87.10.29.244 1 Time(s)
    
lib/access.c:check_access(328)  87.10.84.135 1 Time(s)
    
lib/access.c:check_access(328)  87.107.226.158 2 Time(s)
    
lib/access.c:check_access(328)  87.110.74.5 3 Time(s)
    
lib/access.c:check_access(328)  87.120.52.16 2 Time(s)
    
lib/access.c:check_access(328)  87.123.100.35 5 Time(s)
    
lib/access.c:check_access(328)  87.234.207.220 2 Time(s)
    
lib/access.c:check_access(328)  87.24.216.19 2 Time(s)
    
lib/access.c:check_access(328)  87.242.27.152 2 Time(s)
    
lib/access.c:check_access(328)  87.243.150.66 2 Time(s)
    
lib/access.c:check_access(328)  87.247.167.157 1 Time(s)
    
lib/access.c:check_access(328)  87.3.131.207 1 Time(s)
    
lib/access.c:check_access(328)  87.51.244.250 1 Time(s)
    
lib/access.c:check_access(328)  87.53.254.231 1 Time(s)
    
lib/access.c:check_access(328)  87.64.26.202 1 Time(s)
    
lib/access.c:check_access(328)  87.7.177.206 2 Time(s)
    
lib/access.c:check_access(328)  87.78.86.12 2 Time(s)
    
lib/access.c:check_access(328)  87.8.144.98 2 Time(s)
    
smbd/process.c:process_smb(110387.10.29.244 1 Time(s)
    
smbd/process.c:process_smb(110387.10.84.135 1 Time(s)
    
smbd/process.c:process_smb(110387.107.226.158 2 Time(s)
    
smbd/process.c:process_smb(110387.110.74.5 3 Time(s)
    
smbd/process.c:process_smb(110387.120.52.16 2 Time(s)
    
smbd/process.c:process_smb(110387.123.100.35 5 Time(s)
    
smbd/process.c:process_smb(110387.234.207.220 2 Time(s)
    
smbd/process.c:process_smb(110387.24.216.19 2 Time(s)
    
smbd/process.c:process_smb(110387.242.27.152 2 Time(s)
    
smbd/process.c:process_smb(110387.243.150.66 2 Time(s)
    
smbd/process.c:process_smb(110387.247.167.157 1 Time(s)
    
smbd/process.c:process_smb(110387.3.131.207 1 Time(s)
    
smbd/process.c:process_smb(110387.51.244.250 1 Time(s)
    
smbd/process.c:process_smb(110387.53.254.231 1 Time(s)
    
smbd/process.c:process_smb(110387.64.26.202 1 Time(s)
    
smbd/process.c:process_smb(110387.7.177.206 2 Time(s)
    
smbd/process.c:process_smb(110387.78.86.12 2 Time(s)
    
smbd/process.c:process_smb(110387.8.144.98 2 Time(s
But DenyHosts doesn't seem to have blocked any of the IPs. Is there any other cautions I can take to stop unwanted access besides DenyHosts?

Thanx in advance,
 
Old 09-11-2006, 03:33 AM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
I don't know what your exact requirements are, but I suggest considering (to the extent feasible) trying to block access at the firewall.
 
Old 09-11-2006, 04:34 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952
@impulse(): If you made certain DenyHosts didn't block those you probably made a mistake configuring it. If it has problems you can't fix it would be good to inform its developer or maintainer. Next read the sticky thread "Failed SSH login attempts" in this forum for an overview of other software with similar capabilities.

@blackhole54: spastic post button behaviour is a clientside problem. No software will ever be able to compensate for that. If you "think" the button does not respond please *wait* a minute or so.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Preventing SSH Dictionary Attacks With DenyHosts LXer Syndicated Linux News 0 02-19-2006 12:01 PM
New and concerned- FW question aquaboot Linux - Security 3 08-17-2005 06:46 PM
should i be concerned (defragment?)... marsques Slackware 6 01-13-2005 01:10 AM
Should I be concerned? LinuxBAH Linux - Security 8 02-07-2004 01:24 PM
should i be concerned Zaius Linux - Newbie 3 01-26-2004 03:40 PM


All times are GMT -5. The time now is 11:26 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration