
Re: [OT] Is it possible to hide the ip in ssh connection



On Tuesday 21,August,2012 03:12 AM, unruh wrote:
> Everyone suffers these attacks. They are simply part of a toolset which
> crackers use to try to gain entry into Linux machines. As long as you
> have good passwords do not worry. You will also suffer attacks on
> various Windows ports. 
> 
> If you want you can use /etc/hosts.allow to weed out outside machines
> that try these attacks, either manually or with programs. 
> 
> You cannot hide your IP or no one in the world could ever ssh into your
> system, making ssh useless for your users. 
> Also your attacks appear to be local attacks--
> i.e. from someone on your own network. They know who you are. 

That's why I am a bit scared. And sometimes I received "unknown" calls;
when I answered, there was no sound. A bit scary.

I disliked it so much that the one who is in charge of the place asked for
our phone number and put all our contact info on a table in front of the
door window. The good excuse was that if there is a fire, someone could
find our contact information easily. Damn, if there is a fire, this paper
will burn before s/he can read it.
> 
> 
> 
> In linux.debian.user, you wrote:
>> On Monday 20,August,2012 11:21 PM, Darac Marjal wrote:
>>> On Mon, Aug 20, 2012 at 11:15:55PM +0800, lina wrote:
>>>> On Monday 20,August,2012 10:44 PM, Mika Suomalainen wrote:
>>>>> On 20.08.2012 17:02, lina wrote:
>>>>>> On Monday 20,August,2012 09:59 PM, lina wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I ssh to a server which has 400+ users, active ones around
>>>>>>>> 100.
>>>>>>>>
>>>>>>>> Frankly speaking, I would feel comfortable to hide my IP if
>>>>>>>> possible,
>>>>>>>>
>>>>>>>> any suggestions (I checked the spoof, but seems not positive),
>>>>>>>>
>>>>>>>> Thanks with best regards,
>>>>>>>>
>>>>>>>>
>>>>>> Another question, how do I know whether some people are 
>>>>>> attempting to invade my laptop? My username and IP are all exposed
>>>>>> there.
>>>>>
>>>>> If you have SSHd and that is what you are worried about, grep ssh from
>>>>> /var/log/auth.log .
>>>>
>>>> BTW, what is 172.21.48.161? It seems the old auth.log* files also
>>>> have this one.
>>>
>>> You need to ask, not "what is", but "who is". More specifically:
>>>
>>> $ whois 172.21.48.161
>>> [...]
>>> NetRange:       172.16.0.0 - 172.31.255.255
>>> CIDR:           172.16.0.0/12
>>> OriginAS:
>>> NetName:        PRIVATE-ADDRESS-BBLK-RFC1918-IANA-RESERVED
>>> NetHandle:      NET-172-16-0-0-1
>>> Parent:         NET-172-0-0-0-0
>>> NetType:        IANA Special Use
>>> [...]
>>>
>>> In other words, it's someone else on your network.
>>
>> So I am under regular attacks recently, very gentle attacks, only tried
>> a few times each day?
>>
>> How do I know who has this IP address? Why didn't s/he change it?
> 
> It is someone on your own network. If you are at a university it is
> someone there. Find out from the network people who has that IP. But it
> is highly probable that they have no idea that they are launching those
> attacks because their Windows machine has had attack software installed
> on it after their systems were broken. 
Those desktops here, only the administrator and staff have the privilege
to install software on them.
> 
> 
>>
>> unbelievable, hope I am wrong here.
> 
> About what? You are an administrator and just discovering that these
> kinds of attack take place regularly?

I felt I made some mistakes before, like putting the public keys from those
servers onto my own laptop, just for the convenience of connection.
I am on my way to correcting my mistakes.
> 
> 
>>
>> Best regards,

Best regards,
>>>
>>> [cut]
>>>>
>>>> Thanks again,
>>>>
>>>> Best regards,
>>>>
>>>>
>>>>> I'm not sure whether that requires loglevel being "VERBOSE" in sshd_config.
>>>>>
>>>>> And you might also want to install something like SSHGuard (package
>>>>> sshguard) to protect your SSHd and other services, which it protects
>>>>> from attackers. http://www.sshguard.net/
>>>>>
>>>>>
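
Added example, not part of the original thread: one way to do the "grep ssh from /var/log/auth.log" check discussed above, counting failed sshd logins per source address and marking sources inside the RFC 1918 private ranges, as the whois output did for 172.21.48.161. The log lines are constructed samples in the usual OpenSSH message format, and the function name summarize is hypothetical.

```python
import ipaddress
import re

# RFC 1918 private ranges; the whois output in the thread names 172.16.0.0/12.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The user name is text supplied by the remote side and may contain spaces,
# so match it greedily and anchor the address on the END of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+(?: ssh2)?$")

# Constructed sample lines (not taken from the poster's real auth.log).
SAMPLE = """\
Aug 20 09:14:02 laptop sshd[2101]: Failed password for invalid user admin from 172.21.48.161 port 40112 ssh2
Aug 20 09:14:05 laptop sshd[2101]: Failed password for root from 172.21.48.161 port 40112 ssh2
Aug 20 11:30:41 laptop sshd[2250]: Accepted publickey for lina from 172.21.48.20 port 51822 ssh2
Aug 20 13:02:17 laptop sshd[2377]: Failed password for invalid user guest from lab from 203.0.113.45 port 52100 ssh2
Aug 20 13:02:19 laptop CRON[2380]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

def summarize(lines):
    """Return {ip: {"count", "users", "local"}} for failed sshd logins."""
    out = {}
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue  # accepted logins and non-sshd lines are ignored
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # source logged as something other than a literal address
        entry = out.setdefault(str(ip), {"count": 0, "users": set(),
                                         "local": any(ip in n for n in RFC1918)})
        entry["count"] += 1
        entry["users"].add(m.group("user"))
    return out

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE.splitlines()).items()):
        where = "RFC 1918 (private network)" if e["local"] else "public"
        print(f"{ip:15} {e['count']:3} failed  {where}  users={sorted(e['users'])}")
```

To run it against a real log, pass open("/var/log/auth.log") to summarize instead of the sample lines.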

