Hi Greg,

This is a known SSH scan. Last time I had 70000 attempts; they try to guess the password, so make your passwords good. You can also block the IP range from where the attack comes, for a while. Even last week, my home box got SSH scanned. I would have reposted them, but I think it would not matter.

Cheers,
Szemir

On February 21, 2005 21:59, Greg King wrote:
> Hi folks,
>
> I have a RH9 system which is exposed to the internet by having a firewall
> port forward SSH to it. Root login is disabled, and the few (4~5) accounts
> that are on the box have passwords, although probably not as hard as they
> should be.
>
> For the past few weeks I've noticed lots of attempts to logon using various
> ids, most of which don't exist on the box. I've also heard that SSH itself
> has known exploits which can result in nefarious types taking control of a
> box. I don't believe the box is compromised yet, as tripwire seems to be
> not finding any newly changed system files, but I guess worst case tripwire
> itself could be compromised. My question is twofold:
>
> 1. How easy is it to compromise SSH (OpenSSH_3.5p1 which was the latest one
> available when RH dropped auto update for RH9)? The RedHat site doesn't
> have an upgrade after Sep 2003.
> 2. Is it worthwhile to try to report this activity to abuse@ whatever
> domain the IP is coming from?
>
> Regards,
> Greg King
>
> _______________________________________________
> clug-talk mailing list
> [email protected]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
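
The password-guessing scan discussed in this thread can be measured from the sshd log before deciding which range to block. The following is an added example, not part of the original messages: it groups failed logins by source /24 and flags networks that tried several account names that do not exist on the box. The log lines are constructed samples in the usual sshd syslog style, and the /24 grouping and the threshold of three names are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the style of sshd syslog output (not from the thread).
# Older OpenSSH releases log "illegal user"; newer ones log "invalid user".
SAMPLE_LOG = """\
Feb 21 03:10:01 box sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40001 ssh2
Feb 21 03:10:03 box sshd[2103]: Failed password for illegal user guest from 192.0.2.10 port 40002 ssh2
Feb 21 03:10:05 box sshd[2105]: Failed password for illegal user admin from 192.0.2.77 port 40003 ssh2
Feb 21 03:10:07 box sshd[2107]: Failed password for invalid user oracle from 192.0.2.77 port 40004 ssh2
Feb 21 09:15:42 box sshd[2210]: Failed password for greg from 198.51.100.5 port 51000 ssh2
Feb 21 09:15:50 box sshd[2210]: Accepted password for greg from 198.51.100.5 port 51000 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?P<unknown>illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def summarize(log_text, prefix_len=24):
    """Group failed SSH logins by source network (IPv4 only)."""
    stats = defaultdict(lambda: {"failures": 0, "unknown_users": set(), "sources": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        net = ipaddress.ip_network(f"{m['ip']}/{prefix_len}", strict=False)
        entry = stats[str(net)]
        entry["failures"] += 1
        entry["sources"].add(m["ip"])
        if m["unknown"]:  # sshd marked the account name as nonexistent
            entry["unknown_users"].add(m["user"])
    return dict(stats)

def scan_candidates(stats, min_unknown_users=3):
    """Networks that tried several account names that do not exist on the box."""
    return sorted(net for net, e in stats.items()
                  if len(e["unknown_users"]) >= min_unknown_users)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for net in scan_candidates(report):
        e = report[net]
        print(f"{net}: {e['failures']} failures, {len(e['sources'])} hosts, "
              f"names tried: {sorted(e['unknown_users'])}")
```

A single failed password for a real account, such as the `greg` line in the sample, stays below the threshold, so a legitimate user's typo does not put their network on the block list.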

