On Thu, Dec 21, 2006 at 09:25:44AM -0500, mutsuura wrote:
> All
>
> Another newbie question...
>
> While browsing my auth.log file, I notice 'many' denial attacks.
>
> Eg:...
>
> Dec 17 12:25:37 h-66-166-247-242 sshd[21409]: Illegal user sara from 61.82.25.83
> Dec 17 12:25:39 h-66-166-247-242 sshd[21412]: Illegal user robert from 61.82.25.83
> Dec 17 12:25:41 h-66-166-247-242 sshd[21415]: Illegal user richard from 61.82.25.83
> Dec 17 12:25:43 h-66-166-247-242 sshd[21418]: Illegal user party from 61.82.25.83
> Dec 17 12:25:45 h-66-166-247-242 sshd[21420]: Illegal user amanda from 61.82.25.83
> Dec 17 12:25:46 h-66-166-247-242 sshd[21423]: Illegal user rpm from 61.82.25.83
> Dec 17 12:25:48 h-66-166-247-242 sshd[21426]: Illegal user operator from 61.82.25.83
> Dec 17 12:25:50 h-66-166-247-242 sshd[21428]: Illegal user sgi from 61.82.25.83
> Dec 17 12:25:54 h-66-166-247-242 sshd[21434]: Illegal user users from 61.82.25.83
> Dec 17 12:25:56 h-66-166-247-242 sshd[21437]: Illegal user admins from 61.82.25.83
> Dec 17 12:25:58 h-66-166-247-242 sshd[21439]: Illegal user admins from 61.82.25.83
> Dec 17 12:26:08 h-66-166-247-242 sshd[21453]: Illegal user shutdown from 61.82.25.83
>
> What default firewall/IDS does Debian come with following an
> initial install?

There is a package, denyhosts, that watches for these kinds of attacks and puts them in the /etc/hosts.deny file.

But the larger question is, why do you have sshd running on this machine? And why is it exposed to the wild? If you don't need ssh from the outside, then turn it off. If you DO need it, then you need to read up on security before you turn it ON.

Others have suggested firewall packages for you to look at. You don't necessarily NEED a firewall if you have no services turned on to the outside world, though it's probably a good idea.

A
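The kind of log watching described in the reply, as an added example that is not part of the original message and is not denyhosts' own code: it parses sshd "Illegal user" lines in the format quoted above, flags source addresses that exceed a threshold inside a sliding time window, and renders `/etc/hosts.deny` entries. The function names, the threshold and window defaults, and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sshd "Illegal user" line format quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"Illegal user (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse(line, year=2006):
    """Return (timestamp, user, ip), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]

def offenders(lines, threshold=5, window=timedelta(minutes=1)):
    """Source IPs with >= threshold unknown-user attempts in any window."""
    by_ip = defaultdict(list)
    for ts, _user, ip in filter(None, map(parse, lines)):
        by_ip[ip].append(ts)
    flagged = []
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)

def hosts_deny(ips):
    """Render TCP-wrappers entries of the kind placed in /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

# Constructed sample input (documentation address ranges, not real hosts).
SAMPLE = [
    "Dec 17 12:25:37 host sshd[21409]: Illegal user sara from 203.0.113.7",
    "Dec 17 12:25:39 host sshd[21412]: Illegal user robert from 203.0.113.7",
    "Dec 17 12:25:41 host sshd[21415]: Illegal user richard from 203.0.113.7",
    "Dec 17 12:25:43 host sshd[21418]: Illegal user party from 203.0.113.7",
    "Dec 17 12:25:45 host sshd[21420]: Illegal user amanda from 203.0.113.7",
    "Dec 17 12:26:00 host sshd[21500]: Illegal user test from 198.51.100.9",
    "Dec 17 12:31:00 host sshd[21600]: Illegal user guest from 198.51.100.9",
    "Dec 17 12:32:10 host sshd[21700]: Accepted publickey for alice from 192.0.2.4 port 4022 ssh2",
]
```

Calling `hosts_deny(offenders(SAMPLE))` yields the single entry for the address that made five attempts in eight seconds; the address with two attempts five minutes apart stays below the default threshold.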