
Re: [Fwd: security]



On Sat, 29 Jan 2005, michael wrote:
On debian-user it was suggested I also post this here, thanks, Michael
<snip>
I notice that frequently many machines around here get attacked by a
potential hacker (a prog I guess) trying lots of usernames to get in to
all the machines, using the same set of usernames at the same time. Have
people seen this on their machines? I'm guessing it's a virus/worm on a
Windows box doing this but does anybody know more?

I see this quite regularly. It's generally an external script kiddy trying to get a toe-hold into a box by brute-force guessing a common username with a weak password.

I've followed & done most of the suggestions listed in chpts 4 & 5 of
"Securing Debian" HowTo/Manual although I will admit to not following
and therefore not having got around to firewalling. Other suggestions
most welcome.

Firewall out unnecessary SSH access, enforce strict password policies and regularly run your passwd file through john with a big dictionary file, automatically locking accounts it cracks.

PD

--
Paul Day      Web: www.bur.st/~paul      GPG Key ID: 7FF655A8
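
Added example, not part of the original messages: one way to spot the pattern described in this thread (one source trying the same set of usernames against several machines) in collected sshd logs. The log lines are constructed samples in OpenSSH's syslog format; the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges, made-up hostnames).
SAMPLE_LOG = """\
Jan 29 03:14:01 alpha sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Jan 29 03:14:02 beta sshd[1980]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Jan 29 03:14:04 alpha sshd[2103]: Failed password for invalid user guest from 203.0.113.7 port 40120 ssh2
Jan 29 03:14:05 beta sshd[1982]: Failed password for invalid user guest from 203.0.113.7 port 40121 ssh2
Jan 29 03:14:07 alpha sshd[2105]: Failed password for root from 203.0.113.7 port 40130 ssh2
Jan 29 03:14:08 beta sshd[1984]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jan 29 09:30:12 alpha sshd[2250]: Failed password for michael from 198.51.100.20 port 51000 ssh2
Jan 29 09:30:20 alpha sshd[2250]: Accepted password for michael from 198.51.100.20 port 51000 ssh2
"""

# The username is supplied by the remote side and may contain spaces, so the
# greedy user group makes the match anchor on the LAST "from <addr> port <n>".
FAILED = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<src>\S+) port \d+ ssh2$"
)


def find_username_sweeps(log_text, min_users=3):
    """Return sources that failed logins for at least min_users distinct
    usernames, with the usernames tried and the hosts they were tried on."""
    users = defaultdict(set)
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m is None:
            continue  # accepted logins and unrelated messages are ignored
        users[m["src"]].add(m["user"])
        hosts[m["src"]].add(m["host"])
    return {
        src: {"users": sorted(names), "hosts": sorted(hosts[src])}
        for src, names in users.items()
        if len(names) >= min_users
    }


if __name__ == "__main__":
    for src, info in find_username_sweeps(SAMPLE_LOG).items():
        print(src, "tried", info["users"], "on", info["hosts"])
```

A single mistyped password from a legitimate user stays below the threshold; sources that are reported are candidates for the firewall rules suggested above.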


