On debian-user it was suggested I also post this here, thanks, Michael
<snip>
I notice that frequently many machines around here get attacked by a potential hacker (a prog I guess) trying lots of usernames to get in to all the machines, using the same set of usernames at the same time. Have people seen this on their machines? I'm guessing it's a virus/worm on a Windows box doing this but does anybody know more?
I see this quite regularly. It's generally an external script kiddy trying to get a toe-hold into a box by brute-force guessing a common username with a weak password.
I've followed & done most of the suggestions listed in chpts 4 & 5 of "Securing Debian" HowTo/Manual although I will admit to not following and therefore not having got around to firewalling. Other suggestions most welcome.
Firewall out unnecessary SSH access, enforce strict password policies and regularly run your passwd file through john with a big dictionary file, automatically locking accounts it cracks.
PD
-- Paul Day Web: www.bur.st/~paul GPG Key ID: 7FF655A8
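An added example, not part of the original thread: one way to confirm the pattern described above (one source trying the same set of usernames on several machines) from collected sshd logs. The log lines are constructed, and the syslog-style OpenSSH "Failed password" format, the thresholds and the function name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (hosts, users and IPs are invented; the IPs come
# from the RFC 5737 documentation ranges). Assumed format: syslog + OpenSSH.
SAMPLE_LOG = """\
Mar  3 02:11:01 alpha sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Mar  3 02:11:03 alpha sshd[813]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
Mar  3 02:11:04 beta sshd[402]: Failed password for invalid user admin from 203.0.113.5 port 51877 ssh2
Mar  3 02:11:06 beta sshd[404]: Failed password for invalid user test from 203.0.113.5 port 51880 ssh2
Mar  3 02:11:09 alpha sshd[815]: Failed password for invalid user guest from 203.0.113.5 port 40131 ssh2
Mar  3 02:11:10 beta sshd[406]: Failed password for root from 203.0.113.5 port 51893 ssh2
Mar  3 08:30:12 alpha sshd[990]: Failed password for michael from 198.51.100.7 port 60001 ssh2
Mar  3 08:30:20 alpha sshd[990]: Accepted password for michael from 198.51.100.7 port 60001 ssh2
"""

# Matches failed password attempts for both existing and non-existent accounts.
FAILED = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_username_sweeps(log_text, min_users=3, min_hosts=2):
    """Return sources that failed logins for many usernames on several hosts.

    A single user mistyping a password shows one username on one host;
    a guessing script shows many usernames repeated across machines.
    """
    users = defaultdict(set)   # source IP -> usernames tried
    hosts = defaultdict(set)   # source IP -> machines targeted
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            users[m["ip"]].add(m["user"])
            hosts[m["ip"]].add(m["host"])
    return {
        ip: {"users": sorted(users[ip]), "hosts": sorted(hosts[ip])}
        for ip in users
        if len(users[ip]) >= min_users and len(hosts[ip]) >= min_hosts
    }

if __name__ == "__main__":
    for ip, hit in find_username_sweeps(SAMPLE_LOG).items():
        print(f"{ip}: {len(hit['users'])} usernames on {', '.join(hit['hosts'])}")
```

Sources it reports are candidates for the firewall rules suggested in the reply; the single mistyped password from 198.51.100.7 stays below both thresholds and is not flagged.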

