RE: Blacklisting IPs

2005-01-11 Thread Ted Mittelstaedt
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of artware > Sent: Tuesday, January 11, 2005 2:06 PM > To: freebsd-questions@freebsd.org > Subject: Re: Blacklisting IPs > > > These types of attacks don't seem directed

Re: Blacklisting IPs

2005-01-11 Thread Jay Moore
On Tuesday 11 January 2005 12:46 am, artware wrote: > Thanks for the input, everyone! Port-knocking is overkill at this > point, but I did do the following things to sshd_config: > > Set port to non-default > PermitRootLogin no > LoginGraceTime 45s > AllowUsers lists only one user -- me. :) > > I a

Re: Blacklisting IPs

2005-01-11 Thread stheg olloydson
it was said: >These types of attacks don't seem directed -- it's more like fishing >for unprotected systems. > >FWIW, changing the ssh port dropped the illegal user attempts to 0 >instantly... > >- ben > >On Mon, 10 Jan 2005 23:29:10 -0800, Ted Mittelstaedt > ><[EMAIL PROTECTED]> wrote: >> If I'm

Re: Blacklisting IPs

2005-01-11 Thread artware
These types of attacks don't seem directed -- it's more like fishing for unprotected systems. FWIW, changing the ssh port dropped the illegal user attempts to 0 instantly... - ben On Mon, 10 Jan 2005 23:29:10 -0800, Ted Mittelstaedt <[EMAIL PROTECTED]> wrote: > If I'm going to attack you I'm go

Re: Blacklisting IPs

2005-01-11 Thread Olaf Greve
Hi, It's best to report them and it's not hard to do it. There are automated tools that will do it. I would be very interested in setting up such a tool on my server as well. My passwords are not easy to guess, and root is not allowed to login anyways, and chances are extremely slim that someone

Re: Blacklisting IPs

2005-01-11 Thread Carleton Vaughn
Ted Mittelstaedt wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chris Sent: Monday, January 10, 2005 4:07 PM To: artware Cc: freebsd-questions@freebsd.org Subject: Re: Blacklisting IPs artware wrote: Hello again, My 5.3R system has only been up a

RE: Blacklisting IPs

2005-01-10 Thread Ted Mittelstaedt
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Jez Hancock > Sent: Monday, January 10, 2005 11:42 AM > To: freebsd-questions@freebsd.org > Subject: Re: Blacklisting IPs > > > Another fairly simple option though is t

RE: Blacklisting IPs

2005-01-10 Thread Ted Mittelstaedt
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Chris > Sent: Monday, January 10, 2005 4:07 PM > To: artware > Cc: freebsd-questions@freebsd.org > Subject: Re: Blacklisting IPs > > > artware wrote: > > Hello aga

Re: Blacklisting IPs

2005-01-10 Thread artware
Thanks for the input, everyone! Port-knocking is overkill at this point, but I did do the following things to sshd_config: Set port to non-default PermitRootLogin no LoginGraceTime 45s AllowUsers lists only one user -- me. :) I also did route -nq add -host xxx.xxx.xxx.xxx 127.0.0.1 -blackhole...

Re: Blacklisting IPs

2005-01-10 Thread Chris
artware wrote: Hello again, My 5.3R system has only been up a little over a week, and I've already had a few breakin attempts -- they show up as Illegal user tests in the /var/log/auth.log... It looks like they're trying common login names (probably with the login name used as passwd). It takes the

Re: Blacklisting IPs

2005-01-10 Thread daniel quinn
On January 10, 2005 01:20 am, artware wrote: > My 5.3R system has only been up a little over a week, and I've already > had a few breakin attempts -- they show up as Illegal user tests in > the /var/log/auth.log... It looks like they're trying common login > names (probably with the login name used

Re: Blacklisting IPs

2005-01-10 Thread Erik Norgaard
Louis LeBlanc wrote: On 01/10/05 12:20 AM, artware sat at the `puter and typed: My 5.3R system has only been up a little over a week, and I've already had a few breakin attempts -- they show up as Illegal user tests in the /var/log/auth.log... It looks like they're trying common login names (probab

Re: Blacklisting IPs

2005-01-10 Thread Louis LeBlanc
On 01/10/05 07:42 PM, Jez Hancock sat at the `puter and typed: > On Mon, 10 Jan 2005 12:23:04 -0500, Louis LeBlanc > <[EMAIL PROTECTED]> wrote: > > On 01/10/05 12:20 AM, artware sat at the `puter and typed: > > > Hello again, > > > > > > My 5.3R system has only been up a little over a week, and I'v

Re: Blacklisting IPs

2005-01-10 Thread Jez Hancock
On Mon, 10 Jan 2005 12:23:04 -0500, Louis LeBlanc <[EMAIL PROTECTED]> wrote: > On 01/10/05 12:20 AM, artware sat at the `puter and typed: > > Hello again, > > > > My 5.3R system has only been up a little over a week, and I've already > > had a few breakin attempts -- they show up as Illegal user te

Re: Blacklisting IPs

2005-01-10 Thread Louis LeBlanc
On 01/10/05 06:04 PM, John Conover sat at the `puter and typed: > Louis LeBlanc writes: > > > > A practice one of my former co-workers liked was to pick a song and pull > > letters out; take Fleetwood Mac: "Don't Stop Thinking About Tomorrow". > > You could get "DSTAT", turn that into something el

Re: Blacklisting IPs

2005-01-10 Thread John Conover
Louis LeBlanc writes: > > A practice one of my former co-workers liked was to pick a song and pull > letters out; take Fleetwood Mac: "Don't Stop Thinking About Tomorrow". > You could get "DSTAT", turn that into something else, like "dSt4T". > Pretty short, but definitely not a dictionary word. Y

Re: Blacklisting IPs

2005-01-10 Thread Louis LeBlanc
On 01/10/05 12:20 AM, artware sat at the `puter and typed: > Hello again, > > My 5.3R system has only been up a little over a week, and I've already > had a few breakin attempts -- they show up as Illegal user tests in > the /var/log/auth.log... It looks like they're trying common login > names (p

Re: Blacklisting IPs

2005-01-10 Thread Kevin Kinsey
artware wrote: Hello again, My 5.3R system has only been up a little over a week, and I've already had a few breakin attempts -- they show up as Illegal user tests in the /var/log/auth.log... It looks like they're trying common login names (probably with the login name used as passwd). It takes the

Re: Blacklisting IPs

2005-01-09 Thread Gene
I have the same problem - numerous attempts to crack accounts like "admin", "Guest", "test", and so on. If it continually comes from the same IP, blocking that IP at the firewall should do the trick. However, if the attempts come from varying IPs and you intend to allow logins from the Internet,