|
URGENT: hacker's attack on linux box
hi friends,
for some time now i have beeing seeing such messages in my /var/log/secure Jun 7 01:08:59 host sshd[1955]: Did not receive identification string from 72.20.1.250 Jun 7 01:09:59 host sshd[3959]: Did not receive identification string from 72.20.1.250 Jun 7 01:10:56 host sshd[5937]: Did not receive identification string from 69.61.56.114 Jun 7 01:11:56 host sshd[7752]: Did not receive identification string from 69.61.56.114 Jun 7 01:12:55 host sshd[9633]: Did not receive identification string from 69.61.56.114 Jun 7 01:13:56 host sshd[11530]: Did not receive identification string from 69.61.56.114 i am suspecting an hacker's attemping to gain access. how can i change my ssh port to a differ one and how do i know which port is available. Thnaks |
Code:
man sshd_configCode:
Port Specifies the port number that sshd listens on. The default is 22. Multiple |
Also look at the sticky on failed SSH attempts at the top of this forum.
|
Port Knocking
You could also look into setting up port knocking...
http://www.linuxjournal.com/article/6811 Hope this helps... ---Mr. Snorfles |
yawe_frek
You could block these IP addresses using iptables just a thought. |
| All times are GMT -5. The time now is 10:19 AM. |