----- Original Message ----- From: "Dan Candea" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Thursday, April 28, 2005 2:42 PM Subject: [rlug] Re: atac ssh
> Iulian said the following on 04/28/05 14:32: >> Knight wrote: >> >> >>>foarte interesant ar fi sa te loghezi daca pica mailu >>>si serveru e in alta tara :) >>> >>> >>> >>> >> >> Si ce eu am zis ca e o varianta perfecta si infailibila? Eu am >> scris >> ca este o varianta posibila, nu am dat de inteles >> ca e cea mai BUNA! De ce unii inteleg altceva .....!? Si ce nu se >> poate >> face in acelasi script o comanda care sa verifice daca severul de >> mail a >> picat(daca a picat pornesc ssh-ul)? >> >> NOTA: nu este o varianta perfecta! >> >> ,Iulian >> >> PS. si daca ia foc SERVERUL .......? > > > programezi scriptu sa porneasca extintorul. dahh :) si extinctorul sa cheme pompierii > >> >> >> >> >>>Iulian wrote: >>> >>> >>> >>>> Poate ar fi bine(daca nu ai deja) sa nu permiti conectare pe root >>>>prin ssh, ci printr-un user obisnuit >>>>, si de acolo faci su root. In felul asta probabilitatea de a chiti >>>>2 >>>>parole si un user e f. mica(ca user obisnuit poti sa pui ceva lung, >>>>greu >>>>de nimerit, ex.: mama_lor_de_CRACKERI)! O alata posibilitate este sa >>>>pornesti ssh-ul pe baza de e-mail. Faci un script care se executa >>>>din 5 >>>>in 5 minute si cauta un anumit string stiut de tine in mail-le >>>>primite. >>>>Daca gaseste, at. porneste ssh-ul! >>>> >>>>,Iulian >>>> >>>>[EMAIL PROTECTED] wrote: >>>> >>>> >>>> >>>> >>>> >>>>>Din timp in timp imi apar prin loguri chestii de genul: >>>>> >>>>>Apr 27 23:56:08 grinch sshd[1129]: Illegal user test from >>>>>211.61.205.123 >>>>>Apr 27 23:56:08 grinch sshd[1129]: error: Could not get shadow >>>>>information >>>>>for NOUSER >>>>>Apr 27 23:56:08 grinch sshd[1129]: Failed password for illegal user >>>>>test >>>>> >>>>> >>>> >>>>>from 211.61.205.123 port 53376 ssh2 >>>> >>>> >>>> >>>> >>>>>Apr 27 23:56:15 grinch sshd[1131]: Illegal user guest from >>>>>211.61.205.123 >>>>>Apr 27 23:56:15 grinch sshd[1131]: error: Could not get shadow >>>>>information >>>>>for NOUSER >>>>>Apr 27 23:56:15 grinch sshd[1131]: Failed password for illegal user >>>>>guest >>>>> >>>>> >>>> >>>>>from 211.61.205.123 port 53552 ssh2 >>>> >>>> >>>> >>>> >>>>>Apr 27 23:56:21 grinch sshd[1133]: Illegal user admin from >>>>>211.61.205.123 >>>>>Apr 27 23:56:21 grinch sshd[1133]: error: Could not get shadow >>>>>information >>>>>for NOUSER >>>>>Apr 27 23:56:21 grinch sshd[1133]: Failed password for illegal user >>>>>admin >>>>> >>>>> >>>> >>>>>from 211.61.205.123 port 53716 ssh2 >>>> >>>> >>>> >>>> >>>>>Apr 27 23:56:26 grinch sshd[1135]: Illegal user admin from >>>>>211.61.205.123 >>>>>Apr 27 23:56:26 grinch sshd[1135]: error: Could not get shadow >>>>>information >>>>>for NOUSER >>>>>Apr 27 23:56:26 grinch sshd[1135]: Failed password for illegal user >>>>>admin >>>>> >>>>> >>>> >>>>>from 211.61.205.123 port 53862 ssh2 >>>> >>>> >>>> >>>> >>>>>Apr 27 23:56:32 grinch sshd[1137]: Illegal user user from >>>>>211.61.205.123 >>>>>Apr 27 23:56:32 grinch sshd[1137]: error: Could not get shadow >>>>>information >>>>>for NOUSER >>>>>Apr 27 23:56:32 grinch sshd[1137]: Failed password for illegal user >>>>>user >>>>> >>>>> >>>> >>>>>from 211.61.205.123 port 53979 ssh2 >>>> >>>> >>>> >>>> >>>>>Apr 27 23:56:39 grinch sshd[1139]: Failed password for root from >>>>>211.61.205.123 port 54129 ssh2 >>>>>Apr 27 23:56:44 grinch sshd[1141]: Failed password for root from >>>>>211.61.205.123 port 54270 ssh2 >>>>>Apr 27 23:56:53 grinch sshd[1143]: Failed password for root from >>>>>211.61.205.123 port 54395 ssh2 >>>>> >>>>>E ceva exploit de ssh ? Sau individul spera sa gaseasca un cont >>>>>fara >>>>>parola ? >>>>> >>>>>-- >>>>>? >>>>> >>>>> >>>>> >>>>>--- >>>>>Detalii despre listele noastre de mail: http://www.lug.ro/ >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>>--- >>>>Detalii despre listele noastre de mail: http://www.lug.ro/ >>>> >>>> >>>> >>>> >>>> >>> >>>--- >>>Detalii despre listele noastre de mail: http://www.lug.ro/ >>> >>> >>> >>> >>> >> >> >> >> --- >> Detalii despre listele noastre de mail: http://www.lug.ro/ >> >> >> > > > -- > Dan Candea > Does God Play Dice? > 0xD9241077 at pgp.mit.edu > http://www.e-bizz.ro > > > > --- > Detalii despre listele noastre de mail: http://www.lug.ro/ > --- Detalii despre listele noastre de mail: http://www.lug.ro/
