Re: Tar pitting automated attacks

2004-09-10 Thread Nagilum
Jonathan Chen wrote: On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote: Is there a method to make this more expensive to the attacker, such as tar-pitting? Put in an ipfw block on the netblock/country. At the very least it will make it pretty slow for the initial TCP handshake. Che

RE: Tar pitting automated attacks

2004-09-09 Thread Ted Mittelstaedt
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Mike Hauber > Sent: Thursday, September 09, 2004 8:44 AM > To: [EMAIL PROTECTED] > Subject: Re: Tar pitting automated attacks > > > How difficult would it be to have a &qu

Re: Tar pitting automated attacks

2004-09-09 Thread Bart Silverstrim
On Sep 9, 2004, at 11:44 AM, Mike Hauber wrote: That makes sense... I haven't gotten so much into security that I would want to "invite" a potential cracker. I would just assume they go and bug someone else (who knows, maybe it will result in more BSD admins. :) ) How difficult would it be to ha

Re: Tar pitting automated attacks

2004-09-09 Thread Mike Hauber
On Thursday 09 September 2004 11:00 am, Ted Mittelstaedt proclaimed: > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf > > Of Mike Hauber Sent: Wednesday, September 08, 2004 9:35 > > AM > > To: [EMAIL PROTECTED] &g

RE: Tar pitting automated attacks

2004-09-09 Thread Ted Mittelstaedt
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Mike Hauber > Sent: Wednesday, September 08, 2004 9:35 AM > To: [EMAIL PROTECTED] > Subject: Re: Tar pitting automated attacks > > > I realize this is probably a du

Re: Tar pitting automated attacks

2004-09-08 Thread Mike Hauber
Sent: Tuesday, September 07, 2004 6:42 > > > AM > > > To: [EMAIL PROTECTED] > > > Subject: Tar pitting automated attacks > > > > > > > > > Is there a method to make this more expensive to the > > > attacker, such as tar-pitting? > >

RE: Tar pitting automated attacks

2004-09-08 Thread Ted Mittelstaedt
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Mike Galvez > Sent: Wednesday, September 08, 2004 7:55 AM > To: Ted Mittelstaedt > > > > If you successfully erect a network block, the cracker's software > > will just go to the next IP in the sequence t

RE: Tar pitting automated attacks

2004-09-08 Thread JJB
If you have no need for remote users to ssh into your system then remove the ssh enable statement from rc.conf. If you do need ssh then change its default port to something else and have all authorized remote ssh users add the new port number to the remote ssh login command. This will stop all yo

Re: Tar pitting automated attacks

2004-09-08 Thread Mike Galvez
On Wed, Sep 08, 2004 at 01:19:15AM -0700, Ted Mittelstaedt wrote: > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Mike Galvez > > Sent: Tuesday, September 07, 2004 6:42 AM > > To: [EMAIL PROTECTED] > &

Re: Tar pitting automated attacks

2004-09-08 Thread Chris
John Mills wrote: Ahh - Exactly the scenario here, except the names were different (but similar) and the source IP was: 64.124.210.23 Thanks. On Wed, 8 Sep 2004, Jonathan Chen wrote: On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote: I am seeing a lot of automated attacks lately agains

Re: Tar pitting automated attacks

2004-09-08 Thread John Mills
Ahh - Exactly the scenario here, except the names were different (but similar) and the source IP was: 64.124.210.23 Thanks. On Wed, 8 Sep 2004, Jonathan Chen wrote: > On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote: > > I am seeing a lot of automated attacks lately against sshd suc

RE: Tar pitting automated attacks

2004-09-08 Thread Ted Mittelstaedt
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Mike Galvez > Sent: Tuesday, September 07, 2004 6:42 AM > To: [EMAIL PROTECTED] > Subject: Tar pitting automated attacks > > > Is there a method to make this more expensive

Re: Tar pitting automated attacks

2004-09-07 Thread Jonathan Chen
On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote: > I am seeing a lot of automated attacks lately against sshd such as: > [...] > Sep 6 12:16:39 www sshd[29901]: Failed password for illegal user server from > 159.134.244.189 port 4044 ssh2 > Sep 6 12:16:41 www sshd[29902]: Failed pas

Tar pitting automated attacks

2004-09-07 Thread Mike Galvez
I am seeing a lot of automated attacks lately against sshd such as: Sep 6 12:16:24 www sshd[29888]: Failed password for root from 159.134.244.189 port 3723 ssh2 Sep 6 12:16:25 www sshd[29889]: Failed password for illegal user webmaster from 159.134.244.189 port 3749 ssh2 Sep 6 12:16:26 www ss