Hi folks, I have a RH9 system which is exposed to the internet by having a firewall port forward SSH to it. Root login is disabled, and the few (4~5) accounts that are on the box have passwords, although probably not as hard as they should be.
For the past few weeks I've noticed lots of attempts to log on using various ids, most of which don't exist on the box. I've also heard that SSH itself has known exploits which can result in nefarious types taking control of a box. I don't believe the box is compromised yet, as tripwire seems to be not finding any newly changed system files, but I guess worst case tripwire itself could be compromised. My question is twofold:

1. How easy is it to compromise SSH (OpenSSH_3.5p1 which was the latest one available when RH dropped auto update for RH9)? The RedHat site doesn't have an upgrade after Sep 2003.
2. Is it worthwhile to try to report this activity to abuse@ whatever domain the IP is coming from?

Regards,
Greg King

