On Thu, Mar 31, 2005 at 10:44:53PM -0600, Brad Sims wrote: > `less /var/log/auth.log|grep Failed|wc -l` shows 185 attempts to compromise > my machine since March 27th... A similar command on the log server on a class B network (/16) shows 1482 such attempts in the past 19 hours or so. It's just a worm, and unless you've got a weak password policy, you don't have anything to worry about. Eventually you just get used to it. There's really not a whole lot that can be done to prevent it. > /etc/hosts.deny reads: ALL: ALL > /etc/hosts.allow reads: > sshd: $WORK_IP1 > sshd: $WORK_IP2 > > Will not having the usual all: local break something? > Almost certainly not. Unless you routinely ssh to localhost. noah
Attachment:
pgpC6eAjrD8FR.pgp
Description: PGP signature