LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 08-11-2010, 02:19 AM   #1
stf92
Senior Member
 
Registered: Apr 2007
Location: Buenos Aires.
Distribution: Slackware
Posts: 4,442

Rep: Reputation: 76
System subjected to heavy fire on the part of would-be intruders.


Kernel 2.6.21.5, GNU (Slackware 12.0).

Hi:
The following are two extracts from /var/log/messages.

Code:
Aug 10 17:29:52 darkstar sshd[11675]: reverse mapping checking getaddrinfo for 116.214.25-66.del.tulipconnect.com [116.214.25.66] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 10 17:29:52 darkstar sshd[11675]: Invalid user plcmspip from 116.214.25.66
Aug 10 17:29:52 darkstar sshd[11675]: Failed password for invalid user plcmspip from 116.214.25.66 port 40032 ssh2
Aug 10 17:29:56 darkstar sshd[11677]: reverse mapping checking getaddrinfo for 116.214.25-66.del.tulipconnect.com [116.214.25.66] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 10 17:29:56 darkstar sshd[11677]: Invalid user plcmspip from 116.214.25.66
Aug 10 17:29:56 darkstar sshd[11677]: Failed password for invalid user plcmspip from 116.214.25.66 port 40111 ssh2
Code:
Aug 10 11:58:14 darkstar sshd[9411]: Failed password for root from 173.192.227.66 port 57216 ssh2
Aug 10 11:58:16 darkstar sshd[9413]: Failed password for root from 173.192.227.66 port 57310 ssh2
Aug 10 11:58:18 darkstar sshd[9415]: Failed password for root from 173.192.227.66 port 57440 ssh2
Does this activity slow down system performance in a sensible way? Thanks in advance.
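
Added example (not part of the original thread): a small Python triage script that groups failed sshd password attempts like the ones in the post above by source IP and flags bursts. The 3-attempts-in-60-seconds threshold and the year are assumptions, since syslog timestamps carry no year.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines taken from the post above, with the wrapped lines rejoined.
SAMPLE = """\
Aug 10 17:29:52 darkstar sshd[11675]: reverse mapping checking getaddrinfo for 116.214.25-66.del.tulipconnect.com [116.214.25.66] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 10 17:29:52 darkstar sshd[11675]: Invalid user plcmspip from 116.214.25.66
Aug 10 17:29:52 darkstar sshd[11675]: Failed password for invalid user plcmspip from 116.214.25.66 port 40032 ssh2
Aug 10 17:29:56 darkstar sshd[11677]: Failed password for invalid user plcmspip from 116.214.25.66 port 40111 ssh2
Aug 10 11:58:14 darkstar sshd[9411]: Failed password for root from 173.192.227.66 port 57216 ssh2
Aug 10 11:58:16 darkstar sshd[9413]: Failed password for root from 173.192.227.66 port 57310 ssh2
Aug 10 11:58:18 darkstar sshd[9415]: Failed password for root from 173.192.227.66 port 57440 ssh2
"""

# The username is chosen by the client, so anchor on the end of the line:
# the greedy user group makes the LAST " from <ip> port N ssh2" the real source.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)

def summarize(text, year=2010):
    """Group failed sshd password attempts by source IP."""
    stats = defaultdict(lambda: {"count": 0, "users": set(), "invalid": 0, "times": []})
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # "Invalid user" / reverse-mapping lines repeat the same attempt
        s = stats[m["ip"]]
        s["count"] += 1
        s["users"].add(m["user"])
        s["invalid"] += bool(m["invalid"])
        s["times"].append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    return stats

def flag(stats, min_attempts=3, window_s=60):
    """Return IPs with at least min_attempts failures inside window_s seconds."""
    hits = []
    for ip, s in stats.items():
        t = sorted(s["times"])
        if any((t[i + min_attempts - 1] - t[i]).total_seconds() <= window_s
               for i in range(len(t) - min_attempts + 1)):
            hits.append(ip)
    return sorted(hits)

if __name__ == "__main__":
    print("flagged:", flag(summarize(SAMPLE)))
```

Only the "Failed password" lines are counted, so each connection attempt is tallied once even though sshd logs up to three lines for it.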
 
Old 08-11-2010, 04:34 AM   #2
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by stf92
Does this activity slow down system performance in a sensible way? Thanks in advance.
Whether there is any noticeable slow down, or not, I'd be more concerned about whether there are security implications (and, in extremis, a slow down could be a security implication).

You seem to be under attack from two entirely disparate IP addresses, maybe part of a botnet, maybe coincidence. I know that these days, this is a fact of life, but they are trying the door handles, be very, very sure that they are not going to find an easy door handle to open, otherwise you are in a world of trouble.

Quote:
Slackware 12.0
Everything patched and up to date?
 
Old 08-11-2010, 04:49 AM   #3
stf92
Senior Member
 
Registered: Apr 2007
Location: Buenos Aires.
Distribution: Slackware
Posts: 4,442

Original Poster
Rep: Reputation: 76
Well, as a matter of fact, I've disabled the running of the SSH daemon at boot time. In this way, I hope not to see those messages anymore. I do not have any need for remote login to my machine.

However, before I took this measure, there were a couple of things that seemed weird to me and that made me ask this question.

Slackware is currently at 13.x but I've decided my machine can't be overburdened with larger and larger OSs. Thanks for your kind reply.
 
Old 08-11-2010, 01:01 PM   #4
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
Moved: This thread is more suitable in Linux-Security and has been moved accordingly to help your thread/question get the exposure it deserves.
 
  

