Greg King wrote:

Hi folks,

I have a RH9 system which is exposed to the internet by having a firewall
port forward SSH to it. Root login is disabled, and the few (4~5) accounts
that are on the box have passwords, although probably not as hard as they
should be.

For the past few weeks I've noticed lots of attempts to logon using various
ids, most of which don't exist on the box. I've also heard that SSH itself
has known exploits which can result in nefarious types taking control of a
box. I don't believe the box is compromised yet, as tripwire seems to be not
finding any newly changed system files, but I guess worst case tripwire
itself could be compromised. My question is twofold:

1. How easy is it to compromise SSH (OpenSSH_3.5p1 which was the latest one
available when RH dropped auto update for RH9)? The RedHat site doesn't have
an upgrade after Sep 2003.


Depends on the network and what else you have installed. I'd _highly_ recommend getting updates from fedora legacy.

2. Is it worth while to try to report this activity to abuse@ whatever
domain the IP is coming from?


Yes, while some seem not to care, many do. Although it does become a pain after a while :(

Regards,
Greg King



Is protocol 1 allowed? You should disable 1 and only allow 2.

Travis R.
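
Added example (not part of the original thread): a Python sketch that groups the failed SSH logins described above by source address and separates guesses at nonexistent ids from guesses at real accounts, which is the detail an abuse@ report needs. The log lines are constructed, and the "illegal user" / "invalid user" wording and field layout are assumptions about the sshd syslog format.

```python
import re
from collections import defaultdict

# Constructed sample in the style of /var/log/secure (assumed format).
# Addresses are documentation ranges (RFC 5737); "alice" is a hypothetical real account.
SAMPLE_LOG = """\
Oct 12 03:14:07 box sshd[2101]: Failed password for illegal user admin from 192.0.2.10 port 40112 ssh2
Oct 12 03:14:09 box sshd[2103]: Failed password for illegal user test from 192.0.2.10 port 40118 ssh2
Oct 12 03:14:12 box sshd[2105]: Failed password for alice from 192.0.2.10 port 40125 ssh2
Oct 12 03:14:15 box sshd[2107]: Failed password for illegal user guest from 192.0.2.10 port 40131 ssh2
Oct 12 09:30:01 box sshd[2500]: Accepted password for alice from 203.0.113.5 port 51000 ssh2
Oct 13 01:02:03 box sshd[2801]: Failed password for invalid user oracle from 198.51.100.7 port 33010 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?P<unknown>(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Group failed password attempts by source address."""
    by_ip = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                 "unknown_users": set(), "real_users": set()})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        entry = by_ip[m["ip"]]
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        # Guesses at accounts that exist matter most when passwords are weak.
        entry["real_users" if not m["unknown"] else "unknown_users"].add(m["user"])
    return dict(by_ip)

def report(summary, threshold=3):
    """One line per source with at least `threshold` failures, busiest first."""
    rows = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    return [
        f"{ip}: {e['count']} failures, {e['first']} to {e['last']}, "
        f"real accounts tried: {sorted(e['real_users']) or 'none'}"
        for ip, e in rows if e["count"] >= threshold
    ]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

To run it against real data, pass the contents of the system's sshd log to summarize() in place of SAMPLE_LOG.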


