illegal user root user failed login attempts

2005-05-17 Thread Peter Kropholler
This link might help:
http://seclists.org/lists/incidents/2005/Feb/0004.html
Karol,
Thanks for this pointer.
There are two really important pieces of advice on that web page
which persuade me to ditch any thoughts of trying to determine
what passwords people are using with their illegal login scams:
1. it's probably illegal
2. it potentially gives hackers an excuse: someone else knew their password?!

As things stand, ssh is designed so you can't get at people's passwords
and I am leaving it alone, focussing instead on the task of making
sure my passwords are strong, limiting AllowUsers to specific users and
trusted IP addresses, and moving ssh off port 22.
Other advice I received was to consider logging IP addresses and
sending complaints to the relevant authorities; however, I doubt that
there is very much point in doing so since my guess is that most
scams come from hacked machines anyway. Basically you never see
the same IP address twice.
many thanks
Peter K

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
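
An added example, not part of the original messages: a short Python script that works only from what sshd already logs, showing which usernames are being tried and whether any source address repeats, without recording passwords. The log lines are constructed samples in sshd's format (on FreeBSD these normally land in /var/log/auth.log), the addresses are documentation ranges, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in the style sshd writes to its auth log.
# Addresses are documentation ranges (RFC 5737); none come from the thread.
SAMPLE_LOG = """\
Apr 26 03:12:01 home sshd[4101]: Illegal user test from 192.0.2.10
Apr 26 03:12:01 home sshd[4101]: Failed password for illegal user test from 192.0.2.10 port 40122 ssh2
Apr 26 03:12:04 home sshd[4103]: Failed password for illegal user admin from 192.0.2.10 port 40160 ssh2
Apr 26 03:12:07 home sshd[4105]: Failed password for root from 192.0.2.10 port 40201 ssh2
Apr 28 11:40:55 home sshd[5230]: Failed password for invalid user guest from 198.51.100.7 port 51002 ssh2
Apr 28 11:41:30 home sshd[5236]: Accepted password for peter from 203.0.113.5 port 50211 ssh2
Apr 29 22:05:13 home sshd[6001]: Failed password for root from 203.0.113.77 port 33900 ssh2
"""

# Older OpenSSH releases log "illegal user"; later ones log "invalid user".
# The prefix is absent when the account exists (e.g. root) but is not allowed in.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarise(log_text):
    """Count failed password attempts per username and per source address."""
    users, sources = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            users[m.group("user")] += 1
            sources[m.group("ip")] += 1
    return users, sources


def repeat_sources(sources, threshold=2):
    """Addresses seen at least `threshold` times: candidates for a block rule."""
    return sorted(ip for ip, n in sources.items() if n >= threshold)


if __name__ == "__main__":
    users, sources = summarise(SAMPLE_LOG)
    print("usernames tried:", users.most_common())
    print("source addresses:", sources.most_common())
    print("repeat sources:", repeat_sources(sources))
```

Feeding it the real log instead of `SAMPLE_LOG` shows directly whether each address really appears only once.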


illegal user root user failed login attempts

2005-04-26 Thread Peter Kropholler
I run a server at home on port 22.
There are loads of illegal user attempts to log in
every few days. As it's at home I protect myself
by having only one user on the sshd AllowUsers
list and with a very strong password and no
admin/sysman privileges.
So essentially every failed login attempt is illegal.
Is there any way to actually record what passwords
the hackers' scripts are trying? I am just really intrigued
to know what they are thinking might work.
I realize that it's not normally appropriate to log people's
passwords but in my case I am literally the only user
who will ever legitimately log in to my machine.
__
Professor Peter H Kropholler
Department of Mathematics
University of Glasgow
University Gardens
Glasgow G12 8QW
Tel +44 (0)141 330 4124
Fax +44 (0)141 330 4111
email [EMAIL PROTECTED]
__