ZorroPlateado wrote:
| Sometimes I get ssh connections that are simply packets arriving at
| that port, but other times it is clear that they are deliberately
| probing that port, trying to open a connection with different
| connections, for example:
|
| Illegal users from these:
| account/none from 211.241.199.170: 1 Time(s)
| adam/none from 211.241.199.170: 1 Time(s)
| adm/none from 211.241.199.170: 2 Time(s)
| admin/none from 200.56.125.181: 2 Time(s)
| alan/none from 211.241.199.170: 1 Time(s)
| apache/none from 211.241.199.170: 1 Time(s)
| cip51/none from 211.241.199.170: 1 Time(s)
| cip52/none from 211.241.199.170: 1 Time(s)
| cosmin/none from 211.241.199.170: 1 Time(s)
| cyrus/none from 211.241.199.170: 1 Time(s)
| data/none from 211.241.199.170: 1 Time(s)
| frank/none from 211.241.199.170: 1 Time(s)
| george/none from 211.241.199.170: 1 Time(s)
| guest/none from 200.56.125.181: 1 Time(s)
| henry/none from 211.241.199.170: 1 Time(s)
| horde/none from 211.241.199.170: 1 Time(s)
| iceuser/none from 211.241.199.170: 1 Time(s)
| jane/none from 211.241.199.170: 1 Time(s)
| john/none from 211.241.199.170: 1 Time(s)
| master/none from 211.241.199.170: 1 Time(s)
| matt/none from 211.241.199.170: 1 Time(s)
| mysql/none from 211.241.199.170: 1 Time(s)
| noc/none from 211.241.199.170: 1 Time(s)
| oracle/none from 211.241.199.170: 1 Time(s)
| pamela/none from 211.241.199.170: 1 Time(s)
| patrick/none from 211.241.199.170: 2 Time(s)
| rolo/none from 211.241.199.170: 1 Time(s)
| server/none from 211.241.199.170: 1 Time(s)
| sybase/none from 211.241.199.170: 1 Time(s)
| test/none from 200.56.125.181: 2 Time(s)
| test/none from 211.241.199.170: 5 Time(s)
| user/none from 200.56.125.181: 1 Time(s)
| user/none from 211.241.199.170: 3 Time(s)
| web/none from 211.241.199.170: 2 Time(s)
| webmaster/none from 211.241.199.170: 1 Time(s)
| www/none from 211.241.199.170: 1 Time(s)
| wwwrun/none from 211.241.199.170: 1 Time(s)
|
|
| What can I do about this traffic? The only thing that occurs to me is
| to add that IP to the /etc/hosts.deny file.
|
|
Make sure to:
* filter port 22 (or whichever port ssh uses on your server) properly
* configure hosts.deny and hosts.allow
* use the AllowUsers option in /etc/ssh/sshd_config
I don't think I'm forgetting anything.
--
Ricardo A.Frydman
Open Source Technology Consultant
Systems Administrator
http://www.eureka-linux.com.ar
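
Added example, not part of the original messages: one way to turn a Logwatch "Illegal users" section like the one quoted above into /etc/hosts.deny entries, the measure the question proposes and the reply's second point covers. The sample addresses (documentation ranges), the `min_users` threshold and the `never_block` parameter are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the Logwatch format quoted above; the addresses are
# documentation ranges, not the ones from the post.
SAMPLE = """\
| Illegal users from these:
| admin/none from 192.0.2.10: 2 Time(s)
| guest/none from 192.0.2.10: 1 Time(s)
| mysql/none from 198.51.100.7: 1 Time(s)
| oracle/none from 198.51.100.7: 1 Time(s)
| test/none from 198.51.100.7: 5 Time(s)
| www/none from 198.51.100.7: 1 Time(s)
"""

# Anchored at both ends: the username comes from the remote side, so a line
# only counts if the whole of it has the expected shape.
LINE = re.compile(r"^[|>\s]*(\S+)/\S+ from (\d{1,3}(?:\.\d{1,3}){3}): "
                  r"(\d+) Time\(s\)\s*$")

def summarize(report):
    """Return {ip: {"attempts": int, "users": set}} per source address."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in report.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, blank line, or not in the expected shape
        user, ip, count = m.groups()
        try:
            ip = str(ipaddress.IPv4Address(ip))  # rejects e.g. 999.1.1.1
        except ValueError:
            continue
        stats[ip]["attempts"] += int(count)
        stats[ip]["users"].add(user)
    return dict(stats)

def hosts_deny_entries(report, min_users=3, never_block=()):
    """hosts.deny lines for sources that tried at least min_users names."""
    return [f"sshd: {ip}"
            for ip, s in sorted(summarize(report).items())
            if len(s["users"]) >= min_users and ip not in never_block]

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(SAMPLE)))
```

Pass your own administration addresses in `never_block` so a mistyped login from them never ends up in hosts.deny.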