LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 12-16-2005, 11:38 AM   #1
stitchman
Member
 
Registered: Dec 2005
Distribution: Slackware 13.1
Posts: 82

Rep: Reputation: 15
someone trying to brute force me


i was just checking out my logs and i noticed two occassions of someone using a script of some kind to log in as root and alot of random user names. as far as i saw all tries were denied. i am wondering how often this happens to anyone and should i be really worried? also is there a way to shut down log in capabilities if it is detected that someone is trying to brute force their way in?
 
Old 12-16-2005, 11:43 AM   #2
Gort32
Member
 
Registered: Sep 2004
Distribution: Slack!
Posts: 150

Rep: Reputation: 15
Generally this is just part of the background whitenoise on the Internet... If you have strong passwords you should be safe. If you are paranoid (not a bad thing) look into Snort - it can handle keeping track of your system for you.
 
Old 12-16-2005, 11:43 AM   #3
robrecc
Member
 
Registered: Feb 2002
Posts: 50

Rep: Reputation: 15
Are these ssh attacks. If so I would take a look at hosts deny from sourcefoge. I would also read up on securing the sshd_config file
 
Old 12-16-2005, 11:47 AM   #4
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,325

Rep: Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760Reputation: 760
You're opening your TCP 22 port,
sometime someone run a script that scans the network,
he/she see your port is open and need to test your
password strategy.

It is not uncommon, some run ssh on different ports
and other simply don't run ssh at all
 
Old 12-16-2005, 12:32 PM   #5
soulestream
Member
 
Registered: Nov 2005
Posts: 183

Rep: Reputation: 30
cd /etc/ssh/sshd_config

uncomment PermintRootLogin no <-may need to change to no.


all the script kiddies out there are trying common passwords with root as the user. Dont let the root account login, then someone has to quess your password (use a good one) and your username.


after you are in you an always su to root


soule
 
Old 12-16-2005, 12:38 PM   #6
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
One other approach would be to move to public/private key authentication and disable username/password logins for ssh altogether. Then the script kiddies can try all the combinations they want and don't have a snowballs chance in hell of getting in.
 
Old 12-16-2005, 12:49 PM   #7
EclipseAgent
Member
 
Registered: Oct 2005
Location: California
Distribution: SLED 10, openSuSE 10.2, Ubuntu Drapper
Posts: 713

Rep: Reputation: 30
Just a newbie question, but what logs were you checking? Thanks.
 
Old 12-16-2005, 12:52 PM   #8
stitchman
Member
 
Registered: Dec 2005
Distribution: Slackware 13.1
Posts: 82

Original Poster
Rep: Reputation: 15
im a newb too, but heres the log for checking that sort of thing.../var/log/messages


thanks for all the responces everyone.
 
Old 12-16-2005, 03:02 PM   #9
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
http://www.linuxquestions.org/questi...d.php?t=340366

That's the security forum sticky on the matter, they have pretty much beat this old horse down in there.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH brute force.... compromised? heri0n Linux - Security 15 11-21-2004 06:51 PM
brute force 'mungas bungas ' ovparrilla Linux - Software 2 07-06-2004 03:38 PM
Nessus Brute Force Gerardoj Linux - General 0 12-27-2003 05:07 PM
Brute force DHCP SSBN Linux - Networking 10 10-21-2003 11:34 AM
Brute Force kwigibo Linux - General 2 08-01-2002 01:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration