failed ssh breakins on my exposed www box ..

Hi there, I found these in my event log from yesterday: Mar 23 09:33:16 www sshd[10998]: input_userauth_request: illegal user www Mar 23 09:33:18 www sshd[10998]: Failed none for illegal user www from 213.26.96.103 port 2276 ssh2 Mar 23 09:33:18 www sshd[10998]: Failed keyboard-interactive

Re: failed ssh breakins on my exposed www box ..

It just looks like someone is trying to brute-force an account, I'm sure there are plenty of places that provide tools for this. Just make sure you enforce secure passwords, and keep an eye on your syslog. On Sun, Mar 24, 2002 at 07:11:25AM -0800, Stephen Hassard wrote: Hi there, I found

Re: failed ssh breakins on my exposed www box ..

sorta what I figured, but it was a pretty half assed attempt. :P on a side note, are these typically worth reporting to the ISP of the attacker? I tried doing a DNS lookup on the box in question, but it doesn't seem to have an FDQN registered. What's the best way to figure out the admin for a

Re: failed ssh breakins on my exposed www box ..

Hi, To find out who owns the IP block you can do 'whois -h whois.arin.net ip'. I don't think reporting it would achieve anything, just a friendly warning from the ISP to the user in question. On Sun, Mar 24, 2002 at 08:01:04AM -0800, Stephen Hassard wrote: sorta what I figured, but it was a

Re: failed ssh breakins on my exposed www box ..

On Sun, Mar 24, 2002 at 08:01:04AM -0800, Stephen Hassard wrote: What's the best way to figure out the admin for a subnet from a machine's IP? whois the_ip_adress -- Lionel Mamane msg06057/pgp0.pgp Description: PGP signature

Re: failed ssh breakins on my exposed www box ..

I get these all the time. I've come to expect people to do this. It sucks, but hey, what can you do. I'm fed up trying to report and chase them down. We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I think if more people got prosecuted for trying to

Re: failed ssh breakins on my exposed www box ..

We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I respect your opinion, but i would hate to have a new branch of government wasting my tax dollars. If these types of attacks can be stopped on the software side, than that be much more effective than

Re: (A little OT) Introduction to cryptography

[resources about cryptography blah blah] Thank you all for your quick help! Now I have a bunch of new bookmarks (I just have to read them.. =P ) CU, Philippe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: failed ssh breakins on my exposed www box ..

You could also TCP Wrap the services. That drops the BS quite a bit. :) -Anne On Sun, Mar 24, 2002 at 11:44:26AM -0500, Gary MacDougall wrote: I get these all the time. I've come to expect people to do this. It sucks, but hey, what can you do. I'm fed up trying to report and chase them

Re: failed ssh breakins on my exposed www box ..

We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff.  I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Yeah! And what if the attacker is from a other country? You cannot just bomb 'em for terrorist

Re: failed ssh breakins on my exposed www box ..

We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Yeah! And what if the attacker is from a other country? You cannot just bomb 'em for

Re: failed ssh breakins on my exposed www box ..

Feeding the trolls in this pen is inadvisable. -- Martin Wheeler [EMAIL PROTECTED] gpg key 01269BEB @ the.earth.li -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: failed ssh breakins on my exposed www box ..

On Sun, Mar 24, 2002 at 12:28:17PM -0500, timothy bauscher wrote: We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I respect your opinion, but i would hate to have a new branch of government wasting my tax dollars. If these types of attacks can be

Re: failed ssh breakins on my exposed www box ..

On Sun, Mar 24, 2002 at 07:24:18PM +0100, andreas mayer wrote: We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. ?I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Yeah! And what if the attacker

Re: failed ssh breakins on my exposed www box ..

In article [EMAIL PROTECTED] [EMAIL PROTECTED] writes: What's the best way to figure out the admin for a subnet from a machine's IP? As others have pointed out, whois is the normal tool to do it, but they forgot to mention the complexities you get with servers pointing to each other and

Re: (A little OT) Introduction to cryptography

On Fri, 23 Mar 2001 13:50:54 +0100, Philippe Seidel [EMAIL PROTECTED] was runoured to have said: Hi all, As you are the only security-related list I'm subscribed to and cryptography has something to do with security, I'm directing this question to this list. I want to inform myself

failed ssh breakins on my exposed www box ..

Hi there, I found these in my event log from yesterday: Mar 23 09:33:16 www sshd[10998]: input_userauth_request: illegal user www Mar 23 09:33:18 www sshd[10998]: Failed none for illegal user www from 213.26.96.103 port 2276 ssh2 Mar 23 09:33:18 www sshd[10998]: Failed keyboard-interactive

Re: failed ssh breakins on my exposed www box ..

It just looks like someone is trying to brute-force an account, I'm sure there are plenty of places that provide tools for this. Just make sure you enforce secure passwords, and keep an eye on your syslog. On Sun, Mar 24, 2002 at 07:11:25AM -0800, Stephen Hassard wrote: Hi there, I found

Re: failed ssh breakins on my exposed www box ..

sorta what I figured, but it was a pretty half assed attempt. :P on a side note, are these typically worth reporting to the ISP of the attacker? I tried doing a DNS lookup on the box in question, but it doesn't seem to have an FDQN registered. What's the best way to figure out the admin for a

Re: failed ssh breakins on my exposed www box ..

Hi, To find out who owns the IP block you can do 'whois -h whois.arin.net ip'. I don't think reporting it would achieve anything, just a friendly warning from the ISP to the user in question. On Sun, Mar 24, 2002 at 08:01:04AM -0800, Stephen Hassard wrote: sorta what I figured, but it was a

Re: failed ssh breakins on my exposed www box ..

I get these all the time. I've come to expect people to do this. It sucks, but hey, what can you do. I'm fed up trying to report and chase them down. We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I think if more people got prosecuted for trying to

Re: failed ssh breakins on my exposed www box ..

On Sun, Mar 24, 2002 at 11:44:26AM -0500, Gary MacDougall wrote: We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Sure, but this particular attempt

Re: failed ssh breakins on my exposed www box ..

We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I respect your opinion, but i would hate to have a new branch of government wasting my tax dollars. If these types of attacks can be stopped on the software side, than that be much more effective than

Re: (A little OT) Introduction to cryptography

[resources about cryptography blah blah] Thank you all for your quick help! Now I have a bunch of new bookmarks (I just have to read them.. =P ) CU, Philippe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: failed ssh breakins on my exposed www box ..

You could also TCP Wrap the services. That drops the BS quite a bit. :) -Anne On Sun, Mar 24, 2002 at 11:44:26AM -0500, Gary MacDougall wrote: I get these all the time. I've come to expect people to do this. It sucks, but hey, what can you do. I'm fed up trying to report and chase them

Re: failed ssh breakins on my exposed www box ..

We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff.  I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Yeah! And what if the attacker is from a other country? You cannot just bomb 'em for terrorist

Re: failed ssh breakins on my exposed www box ..

We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Yeah! And what if the attacker is from a other country? You cannot just bomb 'em for terrorist

Re: failed ssh breakins on my exposed www box ..

Feeding the trolls in this pen is inadvisable. -- Martin Wheeler [EMAIL PROTECTED] gpg key 01269BEB @ the.earth.li -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: failed ssh breakins on my exposed www box ..

On Sun, Mar 24, 2002 at 12:28:17PM -0500, timothy bauscher wrote: We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I respect your opinion, but i would hate to have a new branch of government wasting my tax dollars. If these types of attacks can be

Re: failed ssh breakins on my exposed www box ..

On Sun, Mar 24, 2002 at 07:24:18PM +0100, andreas mayer wrote: We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. ?I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Yeah! And what if the attacker