[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Find out host of IP

On Sun, Jun 10, 2007 at 08:20:05PM -0400, Kamaraju S Kusumanchi wrote:
> David Baron wrote:
> > Someone is trying to ssh on to my system. Trying on several ports. Not the
> > first time, either. Thankfully, he does not have a password. Besides a
> > bunch of Deprecated option ReverseMappingCheck, so far no harm done.
> > 
> > Since my logs have this IP number, how do I find out who it is?
> Not exactly answering your question. But I do see a lot of IPs performing
> dictionary attacks on my machine. What I do is go through /var/log/auth.log
> periodically and add the offending IPs to /etc/hosts.deny . That way, in
> future, the offending IPs cannot perform any dictionary attacks. I
> currently have around 85 IPs in this list (starting Apr 10, 2007) :-)
> You should also disable remote root logins to make the machine more secure.
The best thing you can do is to disable password logins altogether.
Using public keys is much more secure and makes it *impossible* for a
dictionary attack to succeed.



Roberto C. Sánchez

Attachment: signature.asc
Description: Digital signature

Reply to: