[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Fwd: consejos para linux



Inicio del mensaje reenviado:

De: "Walter O. Dari" <wlinuxw@gmail.com>
Fecha: 20 de noviembre de 2008 11:44:42 a.m. GMT-06:00
Para: Alberto Vicat <albertovicat@gmail.com>
Asunto: Re: Fwd: consejos para linux

Hola Alberto...

Alberto Vicat wrote:
Juan Manuel Acuña Barrera escribió:

[...]

- Usa nombres de usuario poco comunes (para saber cuales son los comunes basta con poner un ojo en /var/log/auth.log y ver lo que dice después de "Invalid user").
[...]

Saludos!
Hola.
Muy buenos los consejos y también los agregados.
Pero fui a /var/log/auth.log y lo que encuentro es un "historial" de logueos. Busqué la cadena "Invalid" y no aparece. ¿Qué se supone que debería encontrar allí?

Aquí va una muestra del mío...


Jul  2 15:47:38 debhome sshd[29871]: Invalid user teofilo from 201.217.90.50
Jul  2 15:47:40 debhome sshd[29875]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:47:40 debhome sshd[29875]: Invalid user tadeo from 201.217.90.50
Jul  2 15:47:43 debhome sshd[29879]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:47:43 debhome sshd[29879]: Invalid user pelayo from 201.217.90.50
Jul  2 15:47:45 debhome sshd[29883]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:47:45 debhome sshd[29883]: Invalid user narciso from 201.217.90.50
Jul  2 15:47:47 debhome sshd[29887]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:47:47 debhome sshd[29887]: Invalid user porfirio from 201.217.90.50
Jul  2 15:47:50 debhome sshd[29891]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:47:50 debhome sshd[29891]: Invalid user hipolito from 201.217.90.50
Jul  2 15:47:53 debhome sshd[29895]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:47:53 debhome sshd[29895]: Invalid user isidro from 201.217.90.50
Jul  2 15:47:55 debhome sshd[29899]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:47:55 debhome sshd[29899]: Invalid user gregorio from 201.217.90.50
Jul  2 15:47:57 debhome sshd[29903]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:47:57 debhome sshd[29903]: Invalid user engracia from 201.217.90.50
Jul  2 15:47:59 debhome sshd[29907]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:47:59 debhome sshd[29907]: Invalid user berta from 201.217.90.50
Jul  2 15:48:04 debhome sshd[29911]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:04 debhome sshd[29911]: Invalid user cirilo from 201.217.90.50
Jul  2 15:48:06 debhome sshd[29925]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:06 debhome sshd[29925]: Invalid user demetrio from 201.217.90.50
Jul  2 15:48:09 debhome sshd[29929]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:09 debhome sshd[29929]: Invalid user angelica from 201.217.90.50
Jul  2 15:48:13 debhome sshd[29934]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:13 debhome sshd[29934]: Invalid user basilio from 201.217.90.50
Jul  2 15:48:15 debhome sshd[29938]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:15 debhome sshd[29938]: Invalid user casandra from 201.217.90.50
Jul  2 15:48:17 debhome sshd[29942]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:17 debhome sshd[29942]: Invalid user alondra from 201.217.90.50
Jul  2 15:48:19 debhome sshd[29946]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:19 debhome sshd[29946]: Invalid user agueda from 201.217.90.50
Jul  2 15:48:21 debhome sshd[29951]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:21 debhome sshd[29951]: Invalid user severino from 201.217.90.50
Jul  2 15:48:23 debhome sshd[29955]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:23 debhome sshd[29955]: Invalid user antonia from 201.217.90.50
Jul  2 15:48:25 debhome sshd[29959]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:25 debhome sshd[29959]: Invalid user vicente from 201.217.90.50
Jul  2 15:48:27 debhome sshd[29963]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:27 debhome sshd[29963]: Invalid user valentin from 201.217.90.50
Jul  2 15:48:29 debhome sshd[29967]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:29 debhome sshd[29967]: Invalid user rogelio from 201.217.90.50
Jul  2 15:48:31 debhome sshd[29971]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:31 debhome sshd[29971]: Invalid user sancho from 201.217.90.50
Jul  2 15:48:33 debhome sshd[29975]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:33 debhome sshd[29975]: Invalid user saturnino from 201.217.90.50
Jul  2 15:48:35 debhome sshd[29979]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:35 debhome sshd[29979]: Invalid user domingo from 201.217.90.50
Jul  2 15:48:37 debhome sshd[29983]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:37 debhome sshd[29983]: Invalid user placido from 201.217.90.50
Jul  2 15:48:39 debhome sshd[29988]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:39 debhome sshd[29988]: Invalid user pia from 201.217.90.50
Jul  2 15:48:44 debhome sshd[29992]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:44 debhome sshd[29992]: Invalid user pio from 201.217.90.50
Jul  2 15:48:46 debhome sshd[29996]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:46 debhome sshd[29996]: Invalid user pabla from 201.217.90.50
Jul  2 15:48:48 debhome sshd[30000]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [201.217.90.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 15:48:48 debhome sshd[30000]: Invalid user patricio from 201.217.90.50
Jul  2 15:48:50 debhome sshd[30004]: reverse mapping checking getaddrinfo for 50.201-217-90.uio.satnet.net [2

Saludos

Un saludo,
    .-----.           Walter
   / \ _ / \  _/\_
(\/  /  \   |_/oo)    http://www.swcomputacion.com/
 \--------------~     Usuario Linux 425808
 // ||   || \\        http://counter.li.org/



Te aparece (por lo menos en mis máquinas con salida a red me aparece) algo así:

Nov 20 11:27:29 nombreDeMiEquipo sshd[14618]: Failed password for invalid user mysql from 60.160.183.2 port 42278 ssh2
Nov 20 11:27:32 nombreDeMiEquipo sshd[14620]: Invalid user test from 60.160.183.2
Nov 20 11:27:34 nombreDeMiEquipo sshd[14620]: Failed password for invalid user test from 60.160.183.2 port 42526 ssh2
Nov 20 11:27:37 nombreDeMiEquipo sshd[14622]: Invalid user user from 60.160.183.2
Nov 20 11:27:39 nombreDeMiEquipo sshd[14622]: Failed password for invalid user user from 60.160.183.2 port 42794 ssh2
Nov 20 11:27:41 nombreDeMiEquipo sshd[14624]: Invalid user service from 60.160.183.2
Nov 20 11:27:43 nombreDeMiEquipo sshd[14624]: Failed password for invalid user service from 60.160.183.2 port 43040 ssh2
Nov 20 11:27:47 nombreDeMiEquipo sshd[14626]: Failed password for invalid user root from 60.160.183.2 port 43274 ssh2
Nov 20 11:27:49 nombreDeMiEquipo sshd[14628]: Invalid user oracle from 60.160.183.2
Nov 20 11:27:51 nombreDeMiEquipo sshd[14628]: Failed password for invalid user oracle from 60.160.183.2 port 43502 ssh2
Nov 20 11:27:56 nombreDeMiEquipo sshd[14632]: Failed password for invalid user mysql from 60.160.183.2 port 43734 ssh2
Nov 20 11:27:58 nombreDeMiEquipo sshd[14634]: Invalid user test from 60.160.183.2
Nov 20 11:28:00 nombreDeMiEquipo sshd[14634]: Failed password for invalid user test from 60.160.183.2 port 43971 ssh2
Nov 20 11:28:02 nombreDeMiEquipo sshd[14636]: Invalid user user from 60.160.183.2

Como puedes ver están los usuarios mysql, test, user, service, oracle. Es a lo que me refiero. Yo personalmente siempre prefiero usar combinaciones de nombre (punto) apellido (punto) apellido o algo así, por ejemplo pedro.lopez.garcia, que creo que será mas dificil de adivinar, así ya le tienen que pegar a dos: primero al username y luego al password.

Saludos!

--
To UNSUBSCRIBE, email to debian-user-spanish-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Reply to: