
Re: security



michael wrote:

> I notice that frequently many machines around here get attacked by a
> potential hacker (a prog I guess) trying lots of usernames to get in to
> all the machines, using the same set of usernames at the same time. Have
> people seen this on their machines? I'm guessing it's a virus/worm on a
> Windows box doing this but does anybody know more?

It's an attempt to brute force passwords for root and other accounts using
SSH by an automated script. The Internet Storm Center has posted
information about it several times. Google for the following for more
information:

"SSH scanning" site:isc.sans.org

The short answer is that, if you don't use easy-to-guess passwords on your
system, you won't have a problem.

You could also do any of the following:

1) Configure SSH to use keys instead of passwords
2) Using iptables, allow only a few IP addresses access to SSH
3) Run SSH on a non-standard port
4) Implement port knocking to guard access to SSH

Adam
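
The pattern discussed in this thread, one source trying the same set of usernames on several machines, can be picked out of the sshd logs. The script below is an added example, not part of the original message; the log lines are constructed in the usual OpenSSH syslog format, and the names `sample_log` and `ssh_guessers` are hypothetical.

```sh
#!/bin/sh
# Added example: find sources that try many usernames over SSH.

# Constructed sshd syslog lines from two hosts (documentation addresses).
sample_log() {
cat <<'EOF'
Oct 12 03:14:07 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Oct 12 03:14:09 host1 sshd[2213]: Failed password for root from 203.0.113.5 port 40130 ssh2
Oct 12 03:14:11 host1 sshd[2215]: Failed password for invalid user test from 203.0.113.5 port 40141 ssh2
Oct 12 03:14:13 host1 sshd[2217]: Failed password for invalid user guest from 203.0.113.5 port 40150 ssh2
Oct 12 03:14:08 host2 sshd[913]: Failed password for invalid user admin from 203.0.113.5 port 51877 ssh2
Oct 12 03:14:10 host2 sshd[915]: Failed password for root from 203.0.113.5 port 51890 ssh2
Oct 12 08:01:02 host1 sshd[3001]: Failed password for alice from 198.51.100.7 port 51122 ssh2
Oct 12 08:01:10 host1 sshd[3001]: Accepted password for alice from 198.51.100.7 port 51122 ssh2
Oct 12 09:30:00 host2 sshd[1200]: Failed password for root from 198.51.100.20 port 33010 ssh2
Oct 12 09:30:04 host2 sshd[1200]: Failed password for root from 198.51.100.20 port 33010 ssh2
EOF
}

# Reads sshd log lines on stdin and prints "source failures distinct_users"
# for every source that tried at least $1 different usernames (default 3).
ssh_guessers() {
    awk -v min="${1:-3}" '
    / sshd\[[0-9]+\]: Failed password for / {
        # Use the last "from" so an odd username cannot shift the fields.
        f = 0
        for (i = NF; i > 0; i--) if ($i == "from") { f = i; break }
        if (f == 0 || f == NF) next
        # The username starts after "for", or after "for invalid user"
        # ("illegal user" in older OpenSSH releases).
        for (s = 1; s < f; s++) if ($s == "for") break
        s++
        if (($s == "invalid" || $s == "illegal") && $(s + 1) == "user") s += 2
        user = ""
        for (i = s; i < f; i++) user = user (i > s ? " " : "") $i
        ip = $(f + 1)
        fails[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END {
        for (ip in fails)
            if (users[ip] >= min) print ip, fails[ip], users[ip]
    }' | sort
}

# Logs from both hosts are combined, so one scanner shows up once.
sample_log | ssh_guessers 3
```

To use it on a real system, feed the function the sshd log (its location varies by distribution) on standard input instead of `sample_log`.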


