LinuxQuestions.org


DrNeil 09-25-2004 07:32 PM

# of hacking attempts vs system size vs time
 
Just out of interest is that a normal amount of hacking attempts for our system size?

Our server runs about 20 webservers and 50 email accounts.

When we started the system there were, until we shut it down, 50.000 emails sent over us within a couple of hours on the first day. Since we reside with a big service provider in Germany, maybe they target them pro forma. We had a system in the States before; the amount wasn't nearly as big as that.

Timeframe is from beginning September to today. In the mo I have hosts.allow and firewall running, no root login and only certain machines incoming. I'll look into keygen ssh.


# some specific drop IPs just for troublemakers.
203.236.241.189 -j DROP # illegal login attempt ssh
210.105.240.195 -j DROP # illegal login attempt ssh
210.83.195.78 -j DROP # illegal login attempt ssh
217.113.73.102 -j DROP # illegal login attempt ssh
69.28.69.138 -j DROP # illegal login attempt ssh
193.204.49.40 -j DROP # illegal login attempt ssh
203.236.241.189 -j DROP # illegal login attempt ssh
220.168.17.55 -j DROP # illegal login attempt ssh
62.117.78.34 -j DROP # illegal login attempt ssh
213.69.152.70 -j DROP # illegal login attempt ssh
80.55.252.66 -j DROP # illegal access on http script
67.113.225.67 -j DROP # illegal ftp login attempt 7.9.2004
218.84.100.230 -j DROP # illegal ssh login attempt 7.9.2004
12.174.224.3 -j DROP # illegal ssh login attempt 8.9.2004
61.166.6.60 -j DROP # illegal ssh login attempt 9.9.2004
80.207.208.85 -j DROP # illegal ssh login attempt 10.9.2004
69.31.86.200 -j DROP # illegal ssh login attempt 11.9.2004
211.248.173.2 -j DROP # illegal ssh login attempt 11.9.2004
216.9.241.69 -j DROP # illegal ssh login attempt 12.9.2004
81.169.151.2 -j DROP # illegal ssh login attempt 12.9.2004
81.169.151.3 -j DROP # illegal ssh login attempt 13.9.2004
134.34.53.250 -j DROP # illegal ftp login attempt 14.9.2004
218.188.4.24 -j DROP # illegal ssh login attempt 15.9.2004
220.73.215.151 -j DROP # illegal ssh login attempt 15.9.2004
66.28.204.50 -j DROP # illegal ssh login attempt 16.9.2004
81.169.157.38 -j DROP # illegal ssh login attempt 16.9.2004
81.169.151.34 -j DROP # illegal scan attempt 17.9.2004
212.34.65.198 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.197 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.198 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.199 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.200 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.201 -j DROP # illegal ssh login attempt 17.9.2004
84.128.7.59 -j DROP # illegal ssh login attempt 17.9.2004
134.34.53.250 -j DROP # illegal ssh login attempt 17.9.2004
84.128.7.59 -j DROP # illegal ssh login attempt 17.9.2004
219.140.166.19 -j DROP # illegal ssh login attempt 18.9.2004
148.235.242.165 -j DROP # illegal ssh login attempt 19.9.2004
205.209.168.20 -j DROP # illegal ssh login attempt 19.9.2004
202.30.32.19 -j DROP # illegal ssh login attempt 19.9.2004
80.67.224.21 -j DROP # illegal mysql login attempt 3.9.2004
66.199.181.64 -j DROP # illegal ssh login attempt 21.9.2004
80.128.94.56 -j DROP # illegal ssh login attempt 22.9.2004
210.212.204.37 -j DROP # illegal ssh login attempt 22.9.2004
61.184.104.236 -j DROP # illegal ssh login attempt 22.9.2004
218.232.104.41 -j DROP # illegal ssh login attempt 22.9.2004
201.10.45.4 -j DROP # illegal ssh login attempt 23.9.2004
218.188.9.51 -j DROP # illegal ssh login attempt 23.9.2004
148.215.14.181 -j DROP # illegal ssh login attempt 24.9.2004
70.240.3.138 -j DROP # illegal ssh login attempt 24.9.2004

DrNeil 09-25-2004 07:37 PM

Quote:

Originally Posted by Capt_Caveman
In regards to the number of ssh login attempts you observed, yes that isn't abnormal. I've seen systems log significantly more than that.

I am sure there are servers attacked more.

But I was relating this to system size and time frame, which are certainly factors in the amount of attempts.

Does your answer include these two factors?

So not absolute but relative. Also I am not talking peak time hacking attempts but long term median/means.

My old system wasn't that much under threat, so I wondered. The amount of servers and emails didn't change, just the provider.
:)

Capt_Caveman 09-26-2004 11:47 PM

On a single machine/IP I'm seeing about 2 attempts per day on average, with occasional spikes of about 5-10 repeated login attempts from a single IP address. So that looks to be about the same as what you're seeing. That's not from high profile systems either, so they shouldn't be attracting any abnormal attention. If you want anything more mathematically exact, I'll have to break out my abacus.
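
Added example, not part of any post in this thread: one way to get the long-term mean and median of failed ssh logins per day, plus single-source bursts, from an sshd log. It assumes OpenSSH-style "Failed password" syslog lines, an assumed year (syslog omits it), a burst threshold of 5 taken from the spike figure above, and a constructed sample log with documentation addresses.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, median

# Accepts both the older "illegal user" and the current "invalid user" wording.
FAILED = re.compile(
    r"^(\w{3}\s+\d+) [\d:]+ \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?\S+ from (\S+) port \d+")

def summarize(log_text, year=2004, burst_threshold=5):
    """Daily failed-login statistics; syslog lines carry no year, so one is assumed."""
    per_day, per_day_ip = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and other daemons are ignored
        day = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d").date()
        per_day[day] += 1
        per_day_ip[(day, m.group(2))] += 1
    if not per_day:
        return {"days": 0, "total": 0, "mean": 0, "median": 0, "sources": 0, "bursts": []}
    first, last = min(per_day), max(per_day)
    # Quiet days count as zero, otherwise the long-term average is inflated.
    daily = [per_day[first + timedelta(days=n)] for n in range((last - first).days + 1)]
    bursts = sorted((d.isoformat(), ip, n) for (d, ip), n in per_day_ip.items()
                    if n >= burst_threshold)
    return {"days": len(daily), "total": sum(daily), "mean": mean(daily),
            "median": median(daily), "sources": len({ip for _, ip in per_day_ip}),
            "bursts": bursts}

# Constructed sample (RFC 5737 documentation addresses, hypothetical host "web1").
def _fail(day, ip, user):
    return (f"Sep {day:>2} 03:12:01 web1 sshd[2101]: "
            f"Failed password for illegal user {user} from {ip} port 4021 ssh2")

SAMPLE_LOG = "\n".join(
    [_fail(17, "192.0.2.10", "test"), _fail(18, "192.0.2.10", "guest")]
    + [_fail(18, "198.51.100.7", u) for u in ("admin", "test", "user", "guest", "web", "ftp")]
    + ["Sep 19 09:00:00 web1 sshd[2200]: Accepted publickey for alice from 192.0.2.50 port 5000 ssh2"]
    + [_fail(20, "203.0.113.5", "root").replace("illegal user ", ""),
       "Sep 20 04:00:09 web1 sshd[2301]: Failed password for invalid user oracle from 203.0.113.5 port 4100 ssh2"])

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample, one noisy source on a single day pulls the mean well above the median, which is why the two figures are worth reporting separately when comparing hosts or providers.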

DrNeil 09-27-2004 07:52 PM

Thanks :)


All times are GMT -5.