Tim Aslat said the following on 9/14/2004 10:51 PM:
In the immortal words of Glenn Sieb <[EMAIL PROTECTED]>...I should have been clearer--the ones coming in on *my* server have all been from APNIC :-/
I've been getting this for weeks. They're all under APNIC, and emails
to [EMAIL PROTECTED] involved networks has gone unanswered.
I've been getting these as well, but from a multitude of address spaces.
Not just APNIC.
*nod* But I really can't think of any reason to have an exposed machine allow a direct-root login... Probably I just haven't had that particular need or experience yet...Agreed. However if you 'Absolutely' require something to be done remotely as root, make it a pub/priv key sequence and limit the command using the keys.
But with protected machines? Sure--at my old job (at Lumeta) we had our "one trusted" machine which was allowed to ssh as root (using keys only) to our internal machines. For purposes of pushes/pulls/upgrades/stuff along those lines.
Very sane practice
*nod* I'd like to think Tal rubbed off on me a bit :)
It is possible that the box was compromised and the utmp/wtmp log
removed/edited/etc, and I would start looking immediately for other
traces of a possible intrusion.
*nod* Hopefully he wasn't hacked--that would be major suckage :-/
Best, Glenn
--
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. ~Benjamin Franklin, Historical Review of Pennsylvania, 1759
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"