On Monday 20,August,2012 11:21 PM, Darac Marjal wrote: > On Mon, Aug 20, 2012 at 11:15:55PM +0800, lina wrote: >> On Monday 20,August,2012 10:44 PM, Mika Suomalainen wrote: >>> On 20.08.2012 17:02, lina wrote: >>>> On Monday 20,August,2012 09:59 PM, lina wrote: >>>>>> Hi, >>>>>> >>>>>> I ssh to a server which has 400+ users, active ones around >>>>>> 100. >>>>>> >>>>>> Frankly speaking, I would feel comfortable to hide my IP if >>>>>> possible, >>>>>> >>>>>> any suggestions (I checked the spoof, but seems not positive), >>>>>> >>>>>> Thanks with best regards, >>>>>> >>>>>> >>>> Another question, how do I know whether there are some people are >>>> attempting to invade my laptop, my username, ip are all exposed >>>> there. >>> >>> If you have SSHd and that is what you are worried about, grep ssh from >>> /var/log/auth.log . >> >> BTW, what is the 172.21.48.161, seems in the old auth.log* also has this >> one. > > You need to ask, not "what is", but "who is". More specifically: > > $ whois 172.21.48.161 > [...] > NetRange: 172.16.0.0 - 172.31.255.255 > CIDR: 172.16.0.0/12 > OriginAS: > NetName: PRIVATE-ADDRESS-BBLK-RFC1918-IANA-RESERVED > NetHandle: NET-172-16-0-0-1 > Parent: NET-172-0-0-0-0 > NetType: IANA Special Use > [...] > > In other words, it's someone else on your network.
So I am under regular attacks recently, very gentle attack, only tried few times each day? How do I know who has this IP address? why s/he didn't change? unbelievable, hope I am wrong here. Best regards, > > [cut] >> >> Thanks again, >> >> Best regards, >> >> >>> I'm not sure does that require loglevel being "VERBOSE" in sshd_config. >>> >>> And you might also want to install something like SSHGuard (package >>> sshguard) to protect your SSHd and other services, which it protects >>> from attackers. http://www.sshguard.net/ >>> >>> >> >> >> -- >> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org >> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org >> Archive: http://lists.debian.org/503254ab.8030...@gmail.com >> -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5032583e.70...@gmail.com
