Re: illegal user logon

To: debian-amd64@lists.debian.org
Subject: Re: illegal user logon
From: Corey Hickey <bugfood-ml@fatooh.org>
Date: Sun, 21 Aug 2005 00:04:23 -0700
Message-id: <[🔎] 43082777.6000209@fatooh.org>
In-reply-to: <[🔎] 1124565007.4392.3.camel@localhost.localdomain>
References: <[🔎] 1124565007.4392.3.camel@localhost.localdomain>

Dr Gavin Seddon wrote:
> Hi,
> I have noticed in my log there has been people trying to logon to my
> debian box.  Is there any software available to stop this, or should I
> use pam to restrict access?
> Thanks.

There have been a large number of concerted brute-force ssh attacks in
recent months. Don't feel singled out.

enigma:~# grep Illegal /var/log/auth.log | wc -l
2528

That's for the last six days. These are coming from several different IPs.

enigma:~# awk '/Illegal/ {print $10}' /var/log/auth.log | sort -u | wc -l
17

Aside from other solutions, good password choosing is a must. I know a
guy who got his box broken into this way because (1) he was running an
ancient kernel with a local root exploit and (2) one of his local users
had the same username and password.

-Corey

Reply to:

References:
- illegal user logon
  - From: Dr Gavin Seddon <gavin.m.seddon@man.ac.uk>

Prev by Date: Re: mp3 encoding - lame?
Next by Date: Re: mp3 encoding - lame?
Previous by thread: Re: illegal user logon
Next by thread: OT: illegal user logon
Index(es):
- Date
- Thread