daniel wrote:
>i didn't mean 'bothering me' in the sense that i wish they would go away.
>i'm just concerned when i get strange messages that i don't understand. like
>"g68JKQpm001168:....". to a newbie eye, this looks like an attempted hack.
>
>i know how to configure/compile apache, bind, samba and proftpd, but the
>output i receive from them is still greek to me and i keep thinking that my
>box has been hacked because i still don't understand so much.
>
>i guess what i'm saying here is that there's a need for something out there
>that will plainly explain if i should worry about the message i get...
>kinda like sshd's "[cryptic message] - don't panic". does such software
>exist? or at least a simple document that can get newbie sysadmins like me
>on the right track?
>
>thanks for the info people.

Hi all,
Well, in fact I received the "Don't panic" message from logwatch this morning.
After checking Google I found that the message is a signature left by scanssh
as noted in
http://www.der-keiler.de/Mailing-Lists/securityfocus/incidents/2001-12/0244.html

So I took the following actions:

0. Identified the originating IP
1. downloaded, compiled and installed the latest version of ssh.
2. portscanned the IP (just to make him/her know)
3. iptables denying all traffic from that IP range.

Are these actions OK, paranoid or just plain futile?

Francisco

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
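
Added example, not part of the original thread: a sketch of steps 0 and 3 from the message above, pulling scanner source addresses out of sshd log lines and building firewall rules for review. It assumes the log wording OpenSSH's sshd uses for recognised scanner banners; the sample lines, addresses and function names are constructed for illustration, and the rule targets a single address rather than a range.

```python
import ipaddress
import re
from collections import Counter

# Assumed log wording: OpenSSH's sshd reports recognised scanner banners as
#   "scanned from <addr> with <banner>.  Don't panic."
SCAN_RE = re.compile(
    r"sshd\[\d+\]: scanned from (\S+) with (\S+?)\.\s+Don't panic\.")

# Constructed sample syslog lines; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jul  8 04:12:01 host sshd[1168]: scanned from 192.0.2.45 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
Jul  8 04:12:03 host sshd[1170]: Did not receive identification string from 198.51.100.7
Jul  8 04:15:40 host sshd[1201]: scanned from 192.0.2.45 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
Jul  8 05:01:12 host sshd[1290]: Accepted password for alice from 203.0.113.9 port 4022 ssh2
Jul  8 06:30:00 host sshd[1333]: scanned from not-an-ip with SSH-1.0-SSH_Version_Mapper.  Don't panic.
"""


def scan_sources(log_text):
    """Count scanner probes per source address (step 0: identify the IP)."""
    hits = Counter()
    for line in log_text.splitlines():
        match = SCAN_RE.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # never turn unvalidated log text into a firewall rule
        hits[str(addr)] += 1
    return hits


def drop_rules(hits, min_hits=1):
    """Build DROP rules as text for an admin to review; nothing is executed."""
    rules = []
    for addr, count in sorted(hits.items()):
        if count < min_hits:
            continue
        tool = "iptables" if ipaddress.ip_address(addr).version == 4 else "ip6tables"
        rules.append(f"{tool} -A INPUT -s {addr} -j DROP")
    return rules


if __name__ == "__main__":
    for rule in drop_rules(scan_sources(SAMPLE_LOG)):
        print(rule)
```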