On Sun, Jun 10, 2007 at 08:20:05PM -0400, Kamaraju S Kusumanchi wrote:
> David Baron wrote:
>
> > Someone is trying to ssh on to my system. Trying on several ports. Not the
> > first time, either. Thankfully, he does not have a password. Besides a
> > bunch of Deprecated option ReverseMappingCheck, so far no harm done.
> >
> > Since my logs have this IP number, how do I find out who it is?
>
> Not exactly answering your question. But I do see a lot of IPs performing
> dictionary attacks on my machine. What I do is go through /var/log/auth.log
> periodically and add the offending IPs to /etc/hosts.deny. That way, in
> future, the offending IPs cannot perform any dictionary attacks. I
> currently have around 85 IPs in this list (starting Apr 10, 2007) :-)
>
> You should also disable remote root logins to make the machine more secure.
>

The best thing you can do is to disable password logins altogether. Using
public keys is much more secure and makes it *impossible* for a dictionary
attack to succeed.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
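The periodic review of /var/log/auth.log described in the quoted reply, as an added example that is not part of the thread and not written by its participants. It assumes the usual sshd "Failed password ... from ADDR port N ssh2" syslog format, IPv4 sources only, and a threshold of 3 failures; the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the sshd syslog format of /var/log/auth.log.
# Addresses are documentation/private ranges; none come from the thread.
SAMPLE_AUTH_LOG = """\
Jun 10 20:01:12 host sshd[4121]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jun 10 20:01:15 host sshd[4123]: Failed password for invalid user admin from 192.0.2.10 port 40120 ssh2
Jun 10 20:01:19 host sshd[4125]: Invalid user test from 192.0.2.10
Jun 10 20:01:20 host sshd[4125]: Failed password for invalid user test from 192.0.2.10 port 40131 ssh2
Jun 10 20:03:41 host sshd[4150]: Failed password for david from 198.51.100.7 port 51514 ssh2
Jun 10 20:03:50 host sshd[4150]: Accepted password for david from 198.51.100.7 port 51514 ssh2
Jun 10 20:05:02 host sshd[4177]: Failed password for invalid user x from 10.0.0.1 from 203.0.113.5 port 2222 ssh2
"""

# Anchored at end of line with a greedy user field, so the address is always the
# one sshd appended, even if the attempted user name itself contains " from ".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+ ssh2$")


def tally(log_text):
    """Return (failed-attempt Counter by IP, set of IPs with a successful login)."""
    failed, accepted = Counter(), set()
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := FAILED.search(line):
            failed[m.group(1)] += 1
        elif m := ACCEPTED.search(line):
            accepted.add(m.group(1))
    return failed, accepted


def hosts_deny_lines(log_text, threshold=3):
    """Build /etc/hosts.deny entries for IPv4 sources at or above the threshold."""
    failed, accepted = tally(log_text)
    lines = []
    for ip, count in sorted(failed.items()):
        try:
            ipaddress.IPv4Address(ip)  # refuse anything that is not a plain IPv4 address
        except ValueError:
            continue
        # Assumption of this example: a source that also logged in successfully
        # is a real user who mistyped, so it is never denied.
        if count >= threshold and ip not in accepted:
            lines.append(f"sshd: {ip}")
    return lines


if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(SAMPLE_AUTH_LOG)))
```

Review the printed lines before appending them to /etc/hosts.deny; once password logins are disabled as suggested above, the same tally serves only as a record of who is probing.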