Re: [Fwd: security]
On Sat, 29 Jan 2005, michael wrote:
> On debian-user it was suggested I also post this here, thanks, Michael
> <snip>
> I notice that frequently many machines around here get attacked by a
> potential hacker (a prog I guess) trying lots of usernames to get in to
> all the machines, using the same set of usernames at the same time. Have
> people seen this on their machines? I'm guessing it's a virus/worm on a
> Windows box doing this but does anybody know more?

I see this quite regularly. It's generally an external script kiddy trying
to get a toe-hold into a box by brute-force guessing a common username
with a weak password.

> I've followed & done most of the suggestions listed in chpts 4 & 5 of
> "Securing Debian" HowTo/Manual although I will admit to not following
> and therefore not having got around to firewalling. Other suggestions
> most welcome.

Firewall out unnecessary SSH access, enforce strict password policies and
regularly run your passwd file through john with a big dictionary file,
automatically locking accounts it cracks.
PD
--
Paul Day Web: www.bur.st/~paul GPG Key ID: 7FF655A8
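
An added example, not part of the original message: one way to confirm from the logs the pattern described in the thread, where one source tries the same set of usernames against several machines. It assumes the sshd logs of all hosts are gathered in one syslog stream and use OpenSSH's "Failed password for ..." wording; the host names, addresses, thresholds and function names are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from the original thread); hosts,
# usernames and the RFC 5737 documentation addresses are made up.
SAMPLE_LOG = """\
Jan 29 03:14:07 alpha sshd[1201]: Failed password for invalid user test from 203.0.113.5 port 4242 ssh2
Jan 29 03:14:09 alpha sshd[1203]: Failed password for invalid user guest from 203.0.113.5 port 4250 ssh2
Jan 29 03:14:11 alpha sshd[1205]: Failed password for root from 203.0.113.5 port 4258 ssh2
Jan 29 03:14:08 beta sshd[877]: Failed password for invalid user test from 203.0.113.5 port 5310 ssh2
Jan 29 03:14:10 beta sshd[879]: Failed password for invalid user guest from 203.0.113.5 port 5318 ssh2
Jan 29 03:14:12 beta sshd[881]: Failed password for root from 203.0.113.5 port 5326 ssh2
Jan 29 09:30:41 alpha sshd[2210]: Failed password for michael from 198.51.100.7 port 6001 ssh2
Jan 29 09:30:55 alpha sshd[2210]: Accepted password for michael from 198.51.100.7 port 6001 ssh2
"""

# Assumed line layout: "<Mon> <day> <time> <host> sshd[pid]: Failed password for ..."
FAILED = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def failed_logins(log_text):
    """Map source address -> target host -> set of usernames that failed."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            seen[m["src"]][m["host"]].add(m["user"])
    return seen

def username_sweeps(log_text, min_users=3, min_hosts=2):
    """Sources that tried the same set of >= min_users names on >= min_hosts hosts."""
    sweeps = {}
    for src, per_host in failed_logins(log_text).items():
        hosts_by_userset = defaultdict(list)
        for host, users in per_host.items():
            if len(users) >= min_users:
                hosts_by_userset[frozenset(users)].append(host)
        for users, hosts in hosts_by_userset.items():
            if len(hosts) >= min_hosts:
                sweeps[src] = {"hosts": sorted(hosts), "users": sorted(users)}
    return sweeps

if __name__ == "__main__":
    for src, hit in username_sweeps(SAMPLE_LOG).items():
        print(f"{src}: {hit['users']} tried on {hit['hosts']}")
```

A single user mistyping a password, like the 198.51.100.7 lines in the sample, stays below both thresholds and is not reported.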