Is this what it seems to be? Someone attempting to ssh to my machine?
If so, what is the best way to make Life really miserable for hin?
Been going on for abt. half an hour.
Here is the whole line from /var/log/messages
Cheers,
dmz17
by dmz1 » Thu, 17 Oct 2002 03:27:58
If so, what is the best way to make Life really miserable for hin?
Been going on for abt. half an hour.
Here is the whole line from /var/log/messages
Cheers,
dmz17
by Walter Hofman » Thu, 17 Oct 2002 03:38:49
Walter
by Tim Hayne » Thu, 17 Oct 2002 03:45:29
Don't run ssh ;8)Quote:> If so, what is the best way to make Life really miserable for hin?
If you must, make sure you've got `PermitRootLogin no' (or at most,
`without-password' for keys-only).
Also tie it down using tcp_wrappers to only a minimal set of incoming IP#s
allowed.
> Here is the whole line from /var/log/messages
> Oct 15 20:23:51 maltec sshd[6490]: refused connect from
~Tim
--
We stood in line, we laughed |http://spodzone.org.uk/
In silhouette |
by Tim Hayne » Thu, 17 Oct 2002 04:07:08
> The IP address logged is a IPv6 address. Maybe this is just because you
> installed an IPv6-aware sshd, or maybe this person is using IPv6 packets
> to get around firewalls that only filter IPv4 packets.
~Tim
--
20:06:45 up 12 days, 53 min, 9 users, load average: 0.20, 0.27, 0.27
http://piglet.is.dreaming.org |On the hills of gold
by dmz1 » Thu, 17 Oct 2002 04:15:16
>> Is this what it seems to be? Someone attempting to ssh to my machine?
> Smells like it to me.
>> If so, what is the best way to make Life really miserable for hin?
> Don't run ssh ;8)
> If you must, make sure you've got `PermitRootLogin no' (or at most,
> `without-password' for keys-only).
> Also tie it down using tcp_wrappers to only a minimal set of incoming IP#s
> allowed.
>> Been going on for abt. half an hour.
>> Here is the whole line from /var/log/messages
>> Oct 15 20:23:51 maltec sshd[6490]: refused connect from
> Some pesky Korean bastard's trying to ssh into your box (which is using
> ipv6-in-ipv4-enabled ssh) as user root at his end.
> ~Tim
Still, I find it annoying. Perhaps because I am tail'ing the logs.
If I weren't, I wouldn't see it ;-)
Cheers,
dmz17
by Duncan Thomso » Thu, 17 Oct 2002 05:15:20
> > Is this what it seems to be? Someone attempting to ssh to my machine?
> Smells like it to me.
> > If so, what is the best way to make Life really miserable for hin?
> Don't run ssh ;8)
by Tim Hayne » Thu, 17 Oct 2002 05:59:24
[snip]
>> > If so, what is the best way to make Life really miserable for hin?
>> Don't run ssh ;8)
> What do you recommend as a replacement? telnet????
~Tim
--
21:59:02 up 12 days, 2:45, 10 users, load average: 0.50, 0.40, 0.29
http://piglet.is.dreaming.org |A waste of words, and endless flow
by Ange » Thu, 17 Oct 2002 07:06:05
>>>Is this what it seems to be? Someone attempting to ssh to my machine?
>>Smells like it to me.
>>>If so, what is the best way to make Life really miserable for hin?
>>Don't run ssh ;8)
>>If you must, make sure you've got `PermitRootLogin no' (or at most,
>>`without-password' for keys-only).
>>Also tie it down using tcp_wrappers to only a minimal set of incoming IP#s
>>allowed.
>>>Been going on for abt. half an hour.
>>>Here is the whole line from /var/log/messages
>>>Oct 15 20:23:51 maltec sshd[6490]: refused connect from
>>Some pesky Korean bastard's trying to ssh into your box (which is using
>>ipv6-in-ipv4-enabled ssh) as user root at his end.
>>~Tim
> Tnx. I believe I got most of it covered. ssh only allowed from myu
> intranet.
> Still, I find it annoying. Perhaps because I am tail'ing the logs.
> If I weren't, I wouldn't see it ;-)
> Cheers,
> dmz17
angel
by dmz1 » Thu, 17 Oct 2002 12:58:22
Good point! I currently use SuSE's Firewall2 until I can sort out myQuote:> If you only allowed ssh from the your intranet you may aswell block port
> 22 on your firewall from the Internet too. If you only use it
> internally it's just a temptation allowing it to respond to the outside
> world.
> angel
Cheers,
dmz17
by Chris Patc » Wed, 30 Oct 2002 14:07:26
agetty on a serial port?Quote:> > > If so, what is the best way to make Life really miserable for hin?
> > Don't run ssh ;8)
> What do you recommend as a replacement? telnet????
by Tim Pailthorp » Wed, 06 Nov 2002 05:32:23
It works better with a serial port.
Quote:> > > > If so, what is the best way to make Life really miserable for hin?
> > > Don't run ssh ;8)
> > What do you recommend as a replacement? telnet????
> agetty on a serial port?
1. possible SYN flood on <my IP address>:80 from 130.244.157.50
"possible SYN flood on <my IP address>:80 from 130.244.157.50"
Debian Linux 2.0.34 ---- apache patched with ssl
I have seen this 'message' on the screen this morning.
The Linux has been hung up for three days ....
How can I know if I have been flooded?
How can I protect my Linux server?
2. Need workaround for broken WIN98SE dhcp client
3. SMC2835W Class ffff: Illegal Vendor ID: Unknown device ffff (rev ff)
4. pthread rwlocks under linux
5. kernel BUG at page_alloc.c:217!
6. svgalib Quake with Matrox Millenium?
7. SMC2835W Class ffff: Illegal Vendor ID: Unknown device ffff (rev ff)
8. Proof against 2-1/2 yr old?
9. Problem: kernel BUG at page_alloc.c:217!
10. Anyone know who controls 216.35.217.* ?
11. "Transmit timeout, status ff ffff ffff media ff"
12. [2.5][15/15] smp_call_function/_on_cpu - fallout
13. [2.5] reiserfs changeset 15 of 15 for 2.5.21