Re: Find out host of IP

To: debian-user@lists.debian.org
Subject: Re: Find out host of IP
From: Kamaraju S Kusumanchi <kamaraju@bluebottle.com>
Date: Sun, 10 Jun 2007 20:20:05 -0400
Message-id: <[🔎] f4i4h4$fdh$1@sea.gmane.org>
References: <[🔎] 200706101926.46240.d_baron@012.net.il>

David Baron wrote:

> Someone is trying to ssh on to my system. Trying on several ports. Not the
> first time, either. Thankfully, he does not have a password. Besides a
> bunch of Deprecated option ReverseMappingCheck, so far no harm done.
> 
> Since my logs have this IP number, how do I find out who it is?

Not exactly answering your question. But I do see a lot of IPs performing
dictionary attacks on my machine. What I do is go through /var/log/auth.log
periodically and add the offending IPs to /etc/hosts.deny . That way, in
future, the offending IPs cannot perform any dictionary attacks. I
currently have around 85 IPs in this list (starting Apr 10, 2007) :-)

You should also disable remote root logins to make the machine more secure.

hth
raju
-- 
Kamaraju S Kusumanchi
http://www.people.cornell.edu/pages/kk288/
http://malayamaarutham.blogspot.com/

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Find out host of IP
  - From: Roberto C. Sánchez <roberto@connexer.com>
- Re: Find out host of IP
  - From: Raquel <raquel@thericehouse.net>

References:
- Find out host of IP
  - From: David Baron <d_baron@012.net.il>

Prev by Date: Re: Find out host of IP
Next by Date: Re: Find out host of IP
Previous by thread: Re: Find out host of IP
Next by thread: Re: Find out host of IP
Index(es):
- Date
- Thread