On Mon, 18 Oct 2004 08:51:22 +0300, Odhiambo Washington <[EMAIL PROTECTED]> wrote:
> 1. Is this some virus or some crackers playing around?

Yeh, someone is prolly trying to bruteforce your boxes.

> 2. Why only on 5.2.1 systems and not on any of the 4.10 boxes that I
> also run?

Negative, a couple of my 4.10 boxes also report the same.

> 3. Am I supposed to be worried at all?

Well, I am not ;) You need not worry if you have done these:

1. Set PermitRootLogin to No in sshd_config.
2. Use Public/Private keypair for authentication to all the privileged accounts, i.e. the accounts which are members of wheel.
3. Try to avoid accessing foreign services (surfing, IRCing) from privileged accounts.
4. NEVER log in as root. Instead su to root as required.
5. Do not include the current directory in $PATH to save the ./ when running a binary from the current directory.
6. Maintain an updated tripwire (or alike) database.
7. Do not run any service which you do not need to.
8. Generate a script to parse log files at regular intervals and add blocks for IPs in the border router which had been trying to bruteforce the box.
9. And last but not the least, do not allow any user a privilege which he/she does not need to have.

Regards
S.

--
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
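The log-parsing step in item 8 of the message above, as an added example that is not part of the original post: it counts sshd "Failed password" lines per source address and returns the addresses at or above a threshold, skipping an allowlist. The function name `offenders`, the threshold, the allowlist and the sample log lines are assumptions constructed for illustration; turning the result into blocks is left to the border router's own syntax.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of sshd entries in auth.log.
# All addresses are from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
Oct 18 03:12:01 host sshd[411]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 18 03:12:03 host sshd[413]: Failed password for illegal user test from 203.0.113.7 port 40115 ssh2
Oct 18 03:12:05 host sshd[415]: Failed password for invalid user guest from 203.0.113.7 port 40119 ssh2
Oct 18 03:12:09 host sshd[419]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.7 port 40123 ssh2
Oct 18 04:00:10 host sshd[502]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Oct 18 04:00:15 host sshd[502]: Accepted publickey for alice from 198.51.100.20 port 51000 ssh2
Oct 18 05:30:00 host sshd[611]: Failed password for admin from 192.0.2.99 port 2200 ssh2
"""

# The user name is remote-supplied text and may itself contain " from <addr>".
# Anchoring at end of line trusts only the source address sshd wrote last.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2\s*$"
)


def offenders(log_text, threshold=3, allowlist=()):
    """Return sorted source addresses with >= threshold failed logins."""
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a literal address; never feed it to a block list
        if any(addr in net for net in allowed):
            continue  # never block your own admin networks
        counts[str(addr)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    # Hypothetical allowlist: the network the administrators log in from.
    for ip in offenders(SAMPLE_LOG, allowlist=["198.51.100.0/24"]):
        print(ip)
```

The fourth sample line carries a second address inside the user name; only the trailing source is counted, so an address planted in the user-name field cannot end up on the block list.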
