Hi,
Does anyone know of a package which will query an ident/auth server? I've only seen it built in to apps like sendmail, but I need a command line program which is reasonably easy to use.
The reason I'm after this is that my internet gateway at work obviously has some hapless script munkey trying to get in with various random(ish) usernames through SSH. I found them on my logwatch, they're here...
    sshd:
       Authentication Failures:
          root (ws246.internetdsl.tpnet.pl): 59 Time(s)
          unknown (ws246.internetdsl.tpnet.pl): 42 Time(s)
          adm (ws246.internetdsl.tpnet.pl): 2 Time(s)
          apache (ws246.internetdsl.tpnet.pl): 1 Time(s)
          mysql (ws246.internetdsl.tpnet.pl): 1 Time(s)
          nobody (ws246.internetdsl.tpnet.pl): 1 Time(s)
          operator (ws246.internetdsl.tpnet.pl): 1 Time(s)
       Invalid Users:
          Unknown Account: 42 Time(s)
There are more, it's annoying, so I did this:
nmap -T 5 -O -P0 80.55.200.246
and got this:
    Interesting ports on ws246.internetdsl.tpnet.pl (80.55.200.246):
    (The 1653 ports scanned but not shown below are in state: closed)
    PORT     STATE    SERVICE
    21/tcp   open     ftp
    22/tcp   open     ssh
    80/tcp   open     http
    113/tcp  open     auth
    135/tcp  filtered msrpc
    139/tcp  filtered netbios-ssn
    445/tcp  filtered microsoft-ds
    593/tcp  filtered http-rpc-epmap
    667/tcp  filtered unknown
    668/tcp  filtered unknown
    Device type: general purpose
    Running: Linux 2.4.X
    OS details: Linux 2.4.27 with grsec
    Uptime 20.631 days (since Wed Feb 16 07:39:22 2005)
    Nmap finished: 1 IP address (1 host up) scanned in 79.327 seconds
Do you think that it's right for me to counter hack? I think I like it
Tom
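
An added example, not part of the post above: a small RFC 1413 ident client in Python, of the kind the question asks about. The port pair has to belong to a TCP connection that is currently established between the two hosts (for an inbound SSH session, the remote source port and local port 22), and the answer is whatever the remote host chooses to report, so it is recorded as an unverified claim. The function names are this example's own.

```python
import socket

IDENT_PORT = 113  # the "auth" service (113/tcp), RFC 1413

def build_query(port_on_server, port_on_client):
    """Query line: the connection's port on the ident host, then its port on our host."""
    for port in (port_on_server, port_on_client):
        if not 1 <= port <= 65535:
            raise ValueError("port out of range: %r" % (port,))
    return ("%d , %d\r\n" % (port_on_server, port_on_client)).encode("ascii")

def parse_reply(line):
    """Parse one reply line into a dict; raise ValueError if it is malformed."""
    text = line.decode("ascii", "replace").strip()
    fields = text.split(":", 3)  # a user-id may itself contain ':'
    if len(fields) < 3:
        raise ValueError("malformed ident reply: %r" % text)
    try:
        server_port, client_port = (int(p) for p in fields[0].split(","))
    except ValueError:
        raise ValueError("bad port pair in ident reply: %r" % text)
    kind = fields[1].strip().upper()
    reply = {"port_on_server": server_port, "port_on_client": client_port, "type": kind}
    if kind == "ERROR":
        # INVALID-PORT, NO-USER, HIDDEN-USER or UNKNOWN-ERROR
        reply["error"] = ":".join(fields[2:]).strip()
    elif kind == "USERID" and len(fields) == 4:
        reply["opsys"] = fields[2].split(",")[0].strip()  # drop the optional charset
        user = fields[3].strip()
        # Remote-controlled text: neutralise control characters before logging it.
        reply["user"] = "".join(c if c.isprintable() else "?" for c in user)
    else:
        raise ValueError("unexpected ident reply: %r" % text)
    return reply

def ident_lookup(host, port_on_server, port_on_client, timeout=5.0):
    """Ask host's ident service who owns its end of an established connection."""
    query = build_query(port_on_server, port_on_client)
    with socket.create_connection((host, IDENT_PORT), timeout=timeout) as sock:
        sock.sendall(query)
        buf = b""
        # RFC 1413 lets a client give up after 1000 characters without an end of line.
        while b"\n" not in buf and len(buf) < 1000:
            chunk = sock.recv(512)
            if not chunk:
                break
            buf += chunk
    return parse_reply(buf.split(b"\n", 1)[0])
```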