[K12OSN] How do I stop attempted logins
Petre Scheie
petre at maltzen.net
Tue Mar 22 14:49:13 UTC 2005
I second the suggestion to just use a non-standard port. Last fall some friends and I
all noticed this same thing on our various boxes. The attempts, which seemed to come
largely from SE Asia, suggested some new script-kiddie rootkit was making the rounds.
Anyway, the attempts were all failing but were filling up the log files. So, we all
moved to ports such as 922 or 2322 or whatever (something *somewhat* easy to remember)
and the log files have been quiet ever since.
Petre
Thomas E. Haynes wrote:
>
>
>
>>-----Original Message-----
>>From: k12osn-bounces at redhat.com
>>[mailto:k12osn-bounces at redhat.com] On Behalf Of Dr. Daniel Loomis
>>Sent: Monday, March 21, 2005 8:27 PM
>>To: k12osn at redhat.com
>>Subject: [K12OSN] How do I stop attempted logins
>
>
> --snip--
>
>
>>I have considered changing to a non-standard port, but I
>>suspect that a simple portscan would quickly discover it and
>>the attempts would continue.
>>
>>My /var/log/secure files are filling up fast with these
>>repeated breakin attempts. I have done a whois on several of
>>the addresses. Most seem to be coming from Taiwan and other
>>places in Asia.
>>
>
>
> I vote for changing to a nonstandard port. These login attempts are
> scripted, and they are not scanning ports. The odd port would not slow down
> a determined cracker, but you are dealing with the irritation of script
> kiddies.
>
> My 2 cents... Tom
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
More information about the K12OSN
mailing list