Re: ssh: Repeated intrusion attempts

To: debian-user@lists.debian.org
Subject: Re: ssh: Repeated intrusion attempts
From: Alvin Oga <aoga@mail.Linux-Consulting.com>
Date: Mon, 2 May 2005 04:23:07 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1050502041643.16932A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] d54r28$k1k$1@sea.gmane.org>

On Mon, 2 May 2005, Robert S wrote:

> There seem to be bursts of this sort of activity every day or two, from 
> different addresses.

good .. consider it a free server audit by script kiddies

> What concerns me is that the attackers seem to be able to retrieve the names 
> of users on my system.  How do they do that, and how can I prevent it?

lucky guess ... or plain ole (trivial) network sniffing

- sniff any/all of the emails and follow that email into the server
  and try to guess their passwords
 
- never use the same email addy ( john )  as your any of your loginID 
 ( john ) ..  one of it should be "jsmith"  or some other non-guessible
 loginid  ... and aliase john@foo.com in your /etc/alias files back to
 j1z3k5 so that j1z3k5 can read/delete/reply their emails addressed to
 john

> I am running Woody, with up-to-date patches, behind a cheap hardware 
> firewall-router.  Open ports are 22 (sshd), 25 (sendmail), 80 (apache), 443 
> (apache-ssl), 993 (courier-imap over ssl) and 995 (courier-pop over ssl). 

pretty good :-) .. except do not depend on the firewall .. assume its
cracked and protect everything else ...
( full and incremental and encrypted backups .. dating back months.. )

c ya
alvin

Reply to:

Follow-Ups:
- Re: ssh: Repeated intrusion attempts
  - From: "Robert S" <robert.spam.me.senseless@gmail.com>

References:
- ssh: Repeated intrusion attempts
  - From: "Robert S" <robert.spam.me.senseless@gmail.com>

Prev by Date: Re: [OT] X-friendly KVM switch?
Next by Date: Re: apt-get deprecated?
Previous by thread: ssh: Repeated intrusion attempts
Next by thread: Re: ssh: Repeated intrusion attempts
Index(es):
- Date
- Thread