Login attacks

Nathaniel Hall halln at otc.edu
Wed Dec 8 04:59:28 UTC 2004


That is what is nice for me.  My entire job is intrusion detection, 
hence /Intrusion Detection/ and Firewall Technician.  I am starting to 
spend the majority of my time performing network scans throughout the 
network.  It is amazing what you will find running on your "private" 
network.

Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln at otc.edu
417-447-7535



Thomas Cameron wrote:

>On Tue, 2004-12-07 at 14:24 -0600, Michael Yep wrote:
>
>>Hello
>>
>>In my LogWatch report I get many login attacks, many from the same IP address.
>>
>>sshd:
>>    Authentication Failures:
>>       root (218.232.109.187): 59 Time(s)
>>       adm (218.232.109.187): 2 Time(s)
>>       apache (218.232.109.187): 1 Time(s)
>>       nobody (218.232.109.187): 1 Time(s)
>>       operator (218.232.109.187): 1 Time(s)
>>    Invalid Users:
>>       Unknown Account: 43 Time(s)
>>
>>I have permitRootLogin set to NO, and I use strong passwords, but can I 
>>just add these IP addresses to hosts.deny?
>>And if so, how would I set that up?
>
>I tried to go down that road a few years back - whenever anyone tried to
>probe my system I'd lock them out using iptables.
>
>In not very much time my iptables rules were unmanageably long.  I found
>that just disabling remote root login and enforcing strong passwords was
>really the only way to deal with this kind of thing.
>
>Thomas
>
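
An added example, not part of the original thread or written by any of its participants: one way to turn the quoted LogWatch sshd section into hosts.deny entries. It assumes sshd is linked against TCP wrappers (libwrap) and handles IPv4 only; the names `failures_by_ip`, `hosts_deny_lines`, `threshold` and `allow` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the sshd section of the LogWatch report quoted above.
SAMPLE = """\
sshd:
    Authentication Failures:
       root (218.232.109.187): 59 Time(s)
       adm (218.232.109.187): 2 Time(s)
       apache (218.232.109.187): 1 Time(s)
       nobody (218.232.109.187): 1 Time(s)
       operator (218.232.109.187): 1 Time(s)
    Invalid Users:
       Unknown Account: 43 Time(s)
"""

# "<user> (<IPv4 address>): <n> Time(s)" under Authentication Failures.
ENTRY = re.compile(r"^\s*\S+ \(([0-9.]+)\): (\d+) Time\(s\)\s*$")

def failures_by_ip(report):
    """Sum sshd authentication failures per source address."""
    totals = Counter()
    in_failures = False
    for raw in report.splitlines():
        line = raw.lstrip("> ").rstrip()   # tolerate a mail-quoted paste
        if line.endswith(":"):             # section or subsection header
            in_failures = line == "Authentication Failures:"
            continue
        m = ENTRY.match(line) if in_failures else None
        if not m:
            continue
        try:  # log text is attacker-influenced; accept real addresses only
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue
        totals[str(addr)] += int(m.group(2))
    return totals

def hosts_deny_lines(report, threshold=10, allow=()):
    """Build hosts.deny entries for addresses at or above the threshold."""
    trusted = {ipaddress.ip_address(a) for a in allow}  # never block these
    return [f"sshd: {ip}" for ip, n in sorted(failures_by_ip(report).items())
            if n >= threshold and ipaddress.ip_address(ip) not in trusted]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(SAMPLE)))
```

The threshold keeps one-off failures out of the list, and the allow list guards against locking out an address you administer from. Entries in hosts.deny do not expire on their own, so the file still needs pruning.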