On Mon, Aug 20, 2012 at 11:15:55PM +0800, lina wrote: > On Monday 20,August,2012 10:44 PM, Mika Suomalainen wrote: > > On 20.08.2012 17:02, lina wrote: > >> On Monday 20,August,2012 09:59 PM, lina wrote: > >>>> Hi, > >>>> > >>>> I ssh to a server which has 400+ users, active ones around > >>>> 100. > >>>> > >>>> Frankly speaking, I would feel comfortable to hide my IP if > >>>> possible, > >>>> > >>>> any suggestions (I checked the spoof, but seems not positive), > >>>> > >>>> Thanks with best regards, > >>>> > >>>> > >> Another question, how do I know whether there are some people are > >> attempting to invade my laptop, my username, ip are all exposed > >> there. > > > > If you have SSHd and that is what you are worried about, grep ssh from > > /var/log/auth.log . > > BTW, what is the 172.21.48.161, seems in the old auth.log* also has this > one.
You need to ask, not "what is", but "who is". More specifically: $ whois 172.21.48.161 [...] NetRange: 172.16.0.0 - 172.31.255.255 CIDR: 172.16.0.0/12 OriginAS: NetName: PRIVATE-ADDRESS-BBLK-RFC1918-IANA-RESERVED NetHandle: NET-172-16-0-0-1 Parent: NET-172-0-0-0-0 NetType: IANA Special Use [...] In other words, it's someone else on your network. [cut] > > Thanks again, > > Best regards, > > > > I'm not sure does that require loglevel being "VERBOSE" in sshd_config. > > > > And you might also want to install something like SSHGuard (package > > sshguard) to protect your SSHd and other services, which it protects > > from attackers. http://www.sshguard.net/ > > > > > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/503254ab.8030...@gmail.com >
signature.asc
Description: Digital signature
