Re: intrusion via ssh

• Previous message: Rakotomandimby (R12y) Mihamina: "Re: intrusion via ssh"
• In reply to: Jacob S: "Re: intrusion via ssh"
• Next in thread: Rakotomandimby (R12y) Mihamina: "Re: intrusion via ssh"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Date: Thu, 31 Mar 2005 10:38:26 -0300

Try changing the default port of your sshd.

El jue, 31-03-2005 a las 07:28 -0600, Jacob S escribió:
> On Thu, 31 Mar 2005 12:55:46 +0200
> Frederic Guillet <fguillet@gmail.com> wrote:
>
> > Hi,
> >
> > i just checked my mail log on my server (that runs sarge with postfix)
> > and got this kind of lines:
> >
> > MAR 30 20:01:33 servername sshd[17890] illegal user john from
> ^^^^^^^
> > 24.15.134.130
> >
> > I have about 500 attemps with different usernames and the same IP so i
> > guess it is a robot which is trying to enter my system.
> >
> > the pb with such log is that it does not say if the user has succeeded
> > to enter the machine or if the attempt has failed.
> >
> > any config advice or tutorial are welcome.
>
> Actually, it does tell, though perhaps not in the wording you would
> like. Linux does not let users do 'illegal' actions. (Talking purely
> from a security viewpoint here, not legal. :-)
>
> HTH,
> Jacob
>
>

-- 
__________________________________________________________________
David Roguin - Ingeniería de Producto - tel/fax (54) 11-4701-8877
ASES Consulting - Av. Juan García del Río 2477 piso 6 (C1429DEA)
Ciudad Autónoma de Buenos Aires - Argentina
Ases Consulting Site : http://www.ases.com.ar
__________________________________________________________________
AVISO DE CONFIDENCIALIDAD. La información incluida en este e-mail está
dirigida únicamente al destinatario. Puede contener información
privilegiada, confidencial y que no debe ser revelada. Si ha recibido
este
e-mail por error, por favor no disemine, utilice, publique, distribuya,
revele o copie esta comunicación de ningún modo. En cambio, por favor
notifíquenos inmediatamente remitiéndonos este e-mail (incluso el
mensaje
original en su contestación), por tel / fax(54-11-4701-8877)  y entonces
elimine y deseche todas las copias de este e-mail. Gracias
-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: Rakotomandimby (R12y) Mihamina: "Re: intrusion via ssh"
• In reply to: Jacob S: "Re: intrusion via ssh"
• Next in thread: Rakotomandimby (R12y) Mihamina: "Re: intrusion via ssh"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Exim has ceased deliveries. ... AVISO DE CONFIDENCIALIDAD. ... La información incluida en este e-mail está ... Puede contener información ... e-mail por error, por favor no disemine, utilice, publique, distribuya, ... (Debian-User) Re: Upgrading woody to sarge ... AVISO DE CONFIDENCIALIDAD. ... La información incluida en este e-mail está ... Puede contener información ... e-mail por error, por favor no disemine, utilice, publique, distribuya, ... (Debian-User) Re: how long till gnome 2.6.10 ... >> Rise Again! ... > AVISO DE CONFIDENCIALIDAD. ... La información incluida en este e-mail está ... > e-mail por error, por favor no disemine, utilice, publique, distribuya, ... (Debian-User) Re: Exim has ceased deliveries. ... remote domains not supported ... I only setup exim for system mail, no external deliveries what soever and was ... La información incluida en este e-mail está ... > e-mail por error, por favor no disemine, utilice, publique, distribuya, ... (Debian-User)