On Wed, Jul 18, 2007 at 07:05:44AM -0400, Richard Creighton wrote: > > > Marcus Meissner wrote: > > On Wed, Jul 18, 2007 at 06:15:16AM -0400, Richard Creighton wrote: > >> Just when I thought it might have been over <frown> > >> > >> First, China, then France and now Iran..... > >> > >> > >> First things first: My SysConfig settings that I ended up with from the > >> first thread that actually got into IPTABLES > > > > This is a SSH worm. The origin is pretty irrelevant. > > > > Ciao, Marcus > > > OK, I'll bite...what worm and what can I do about it? ....and where > is it coming from....from one of my systems (all Linux) or one of the > destination IP's.... What defenses will work?
Well, it tries to break into your system, but is very likely not in any of your machines if you only see external ips. Since it / they have infected thousands of machines in the internet already you will see their scans from there. Good passwords, having SSH on a different port, or even disabling ssh from the outside are good help. Ciao, Marcus -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
