LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-25-2004, 07:32 PM   #1
DrNeil
Member
 
Registered: Aug 2004
Location: Scotland
Distribution: Debian, Suse, Knoppix, Dyna:bolic, Mandrake [couple of years ago], Slackware [1993 or so]
Posts: 150

Rep: Reputation: 15
# of hacking attempts vs system size vs time


Just out of interest is that a normal amount of hacking attempts for our system size?

Our server runs about 20 webservers and 50 email accounts .

When we started the system there were until we shut it down 50.000 emails sent over us with a couple of hours on the first day. Since we reside with a big service provider in Germany, maybe they target them proforma. We had a system in the States before, the amount wasn't nearly as big as that.

Timeframe is from beginning September to today. In the mo I have hosts.allow and firewall running, no root login and only certain machines incoming. I'll look into keygen ssh.


# some specific drop IPs just for troublemakers.
203.236.241.189 -j DROP # illegal login attempt ssh
210.105.240.195 -j DROP # illegal login attempt ssh
210.83.195.78 -j DROP # illegal login attempt ssh
217.113.73.102 -j DROP # illegal login attempt ssh
69.28.69.138 -j DROP # illegal login attempt ssh
193.204.49.40 -j DROP # illegal login attempt ssh
203.236.241.189 -j DROP # illegal login attempt ssh
220.168.17.55 -j DROP # illegal login attempt ssh
62.117.78.34 -j DROP # illegal login attempt ssh
213.69.152.70 -j DROP # illegal login attempt ssh
80.55.252.66 -j DROP # illegal access on http script
67.113.225.67 -j DROP # illegal ftp login attempt 7.9.2004
218.84.100.230 -j DROP # illegal ssh login attempt 7.9.2004
12.174.224.3 -j DROP # illegal ssh login attempt 8.9.2004
61.166.6.60 -j DROP # illegal ssh login attempt 9.9.2004
80.207.208.85 -j DROP # illegal ssh login attempt 10.9.2004
69.31.86.200 -j DROP # illegal ssh login attempt 11.9.2004
211.248.173.2 -j DROP # illegal ssh login attempt 11.9.2004
216.9.241.69 -j DROP # illegal ssh login attempt 12.9.2004
81.169.151.2 -j DROP # illegal ssh login attempt 12.9.2004
81.169.151.3 -j DROP # illegal ssh login attempt 13.9.2004
134.34.53.250 -j DROP # illegal ftp login attempt 14.9.2004
218.188.4.24 -j DROP # illegal ssh login attempt 15.9.2004
220.73.215.151 -j DROP # illegal ssh login attempt 15.9.2004
66.28.204.50 -j DROP # illegal ssh login attempt 16.9.2004
81.169.157.38 -j DROP # illegal ssh login attempt 16.9.2004
81.169.151.34 -j DROP # illegal scan attempt 17.9.2004
212.34.65.198 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.197 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.198 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.199 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.200 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.201 -j DROP # illegal ssh login attempt 17.9.2004
84.128.7.59 -j DROP # illegal ssh login attempt 17.9.2004
134.34.53.250 -j DROP # illegal ssh login attempt 17.9.2004
84.128.7.59 -j DROP # illegal ssh login attempt 17.9.2004
219.140.166.19 -j DROP # illegal ssh login attempt 18.9.2004
148.235.242.165 -j DROP # illegal ssh login attempt 19.9.2004
205.209.168.20 -j DROP # illegal ssh login attempt 19.9.2004
202.30.32.19 -j DROP # illegal ssh login attempt 19.9.2004
80.67.224.21 -j DROP # illegal mysql login attempt 3.9.2004
66.199.181.64 -j DROP # illegal ssh login attempt 21.9.2004
80.128.94.56 -j DROP # illegal ssh login attempt 22.9.2004
210.212.204.37 -j DROP # illegal ssh login attempt 22.9.2004
61.184.104.236 -j DROP # illegal ssh login attempt 22.9.2004
218.232.104.41 -j DROP # illegal ssh login attempt 22.9.2004
201.10.45.4 -j DROP # illegal ssh login attempt 23.9.2004
218.188.9.51 -j DROP # illegal ssh login attempt 23.9.2004
148.215.14.181 -j DROP # illegal ssh login attempt 24.9.2004
70.240.3.138 -j DROP # illegal ssh login attempt 24.9.2004

Last edited by DrNeil; 09-25-2004 at 07:39 PM.
 
Old 09-25-2004, 07:37 PM   #2
DrNeil
Member
 
Registered: Aug 2004
Location: Scotland
Distribution: Debian, Suse, Knoppix, Dyna:bolic, Mandrake [couple of years ago], Slackware [1993 or so]
Posts: 150

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Capt_Caveman
In regards to the number of ssh login attempts you observed, yes that isn't abnormal. I've seen systems log significantly more than that.
I am sure there are servers attacked more.

But I was relating this to system size and time frame which are certainly factors in the amout of attempts.

Does your answer include these two factors?

So not absolute but relative. Also I am not talking peak time hacking attempts but long term median/means.

My old system wasn't that much under threat so I wondered. The amount of servers and emails didn't change. just the provider.

Last edited by DrNeil; 09-25-2004 at 07:38 PM.
 
Old 09-26-2004, 11:47 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
On a single machine/IP I'm seeing about 2 attempts per day on average, with occasional spikes of about 5-10 repeated login attempts from a single IP address. So that looks to be about the same as what your seeing. That's not from high profile systems either, so they shouldn't be attracting any abnormal attention. If you want anything more mathematically exact, I'll have to break out my abacus.
 
Old 09-27-2004, 07:52 PM   #4
DrNeil
Member
 
Registered: Aug 2004
Location: Scotland
Distribution: Debian, Suse, Knoppix, Dyna:bolic, Mandrake [couple of years ago], Slackware [1993 or so]
Posts: 150

Original Poster
Rep: Reputation: 15
Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to set and sync system time with time server?? servnov Linux - Newbie 6 12-03-2013 07:55 PM
file system size larger than fysical size:superblock or partition table corrupt klizon Linux - General 0 06-18-2004 04:18 PM
Setting System Time: kernel in wrong time zone warrenweiss Linux - General 7 05-15-2004 03:25 PM
Hacking Exposed Wireless Hacking Chapter prompt Linux - Wireless Networking 0 05-08-2004 02:44 PM
Updating System time from some Inet time server Steave Linux - General 6 12-21-2001 02:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration