My sshd comes under attack all the time, but I'm rather confident that a dictionary attack won't guess both my login and my password, because neither can be found in a dictionary. Scripts on their own don't have enough intelligence to do that which would take a human being.
On Fri, 04 Mar 2005 06:49:14 +0100, R. Hirschfeld wrote: >> Date: Tue, 01 Mar 2005 13:43:25 -0600 >> From: Clinton MacDonald <[EMAIL PROTECTED]> > >> As was hinted in this forum, the solution was quite easy, once I knew >> the trick. My router has a Web interface, and Port Forwarding was one of >> the options. I chose to add a new port (port 22 for ssh was not one of >> the defaults), and typed in my primary machine's local IP address >> (192.168.0.2). Then, I waited until I got to work and typed "ssh >> 66.xxx.xxx.xxx" in the Terminal. I was rewarded with the RSA >> authentification dialog, then asked for my password. A quick "ls" showed >> me my Mac OS X home directory. I can also transfer files using an SFTP >> client (Fugu for Mac OS X has my highest recommendation). I suppose from >> the Mac OS X machine, I could ssh into my home Linux box for more fun >> and games (not yet tested). > > I had a similar setup but I recently turned off the port forwarding > (my NAT box calls it a "virtual server") because of dictionary > password attacks from the outside world. Apparently these are quite > common and widespread nowadays, originating from virus-infected zombie > machines directed by script kiddies to do port scans and start > guessing logins and passwords when they find an open port. Check > /var/log/secure to see whether your system is under attack--many are > without their owners realizing it. > > Ray > _______________________________________________ > yellowdog-general mailing list > [email protected] > http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general > HINT: to Google archives, try '<keywords> site:terrasoftsolutions.com' _______________________________________________ yellowdog-general mailing list [email protected] http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general HINT: to Google archives, try '<keywords> site:terrasoftsolutions.com'
