Re: [Fwd: security]
Could it be this?
http://lists.sans.org/pipermail/intrusions/2004-August/008357.html
You didn't specify which usernames were being used, so it's tough to
tell if that's the same.
A couple of simple and quick things that I might do if this was a
concern:
-Setup an iptables firewall on the boxen running SSH and only allow
certain hosts to get to port 22. Alternately, you might consider
denying access through tcpwrappers, though I much prefer the iptables
method.
-Make sure that PermitRootLogin is set to no in your
/etc/ssh/sshd_config. Some might argue the necessity or effectiveness
of this measure but it is another step you can take to help defend the
computer.
I'm sure others have appropriate suggestions as well.
Steve
On Sat, Jan 29, 2005 at 03:05:35PM +0000, michael wrote:
> On debian-user it was suggested I also post this here, thanks, Michael
> -------- Forwarded Message --------
> From: michael <linux@networkingnewsletter.org.uk>
> To: debian user <debian-user@lists.debian.org>
> Subject: security
> Date: Fri, 28 Jan 2005 09:46:31 +0000
> I notice that frequently many machines around here get attacked by a
> potential hacker (a prog I guess) trying lots of usernames to get in to
> all the machines, using the same set of usernames at the same time. Have
> people seen this on their machines? I'm guessing it's a virus/worm on a
> Windows box doing this but does anybody know more?
>
> I've followed & done most of the suggestions listed in chpts 4 & 5 of
> "Securing Debian" HowTo/Manual although I will admit to not following
> and therefore not having got around to firewalling. Other suggestions
> most welcome.
>
> Thanks
> --
> Michael Bane
> Atmospheric Physics Group
> University of Manchester
>
>
> --
> Michael Bane
> Atmospheric Physics Group
> University of Manchester
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: