Re: [SLE] Think I've been cracked... not certain

From: David SMITH (dave.smith_at_st.com)
Date: 07/30/04

    Date: Fri, 30 Jul 2004 14:44:50 +0100
    To: suse-linux-e@suse.com
    
    

    On Thu, Jul 29, 2004 at 09:16:38PM -0500, C Hamel wrote:
    > I have never before seen this. I have the firewall engaged. Not certain what
    > to make of it. All I know is that my internet connection went down the last
    > two times of the three this happened, and has been a little flakey all day
    > long.
    [snip]

    Someone on our local LUG has noted that there are some people around
    trying brute-force attacks on SSH servers (i.e. try lots of combinations
    of username and password to see if any of them work).

    If you don't need it, disable sshd; otherwise:

    Make sure that your sshd is installed and configured properly:

     o Up to date - there were a few security holes a while ago
     o root (and any other privileged user) login is disabled
     o SSH v1 is disabled - allow only SSH v2
     o Disable password login if possible, allowing only public/private key
       login

    Also, make sure all the passwords on your system are strong.

    Otherwise, it doesn't look like anything serious (unless the attacking
    IP is yours), but the disappearing net connection looks worthy of
    investigation (of course, it could just be the cracker overloading the
    link).

    -- 
    David Smith            Work Email: Dave.Smith@st.com
    STMicroelectronics     Home Email: David.Smith@ds-electronics.co.uk
    Bristol, England          GPG Key: 0xF13192F2
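
The configuration items in the checklist above (root login, SSH v1, password login) can be checked mechanically against the text of sshd_config. The following is an added example, not part of the original message; the values assumed for absent keywords and the sample configuration are assumptions constructed for illustration.

```python
# Added example: audit sshd_config text against the checklist in the message.
# Values assumed when a keyword is absent. These are the permissive defaults of
# 2004-era OpenSSH (an assumption; newer releases ship stricter ones).
ASSUMED_DEFAULTS = {
    "protocol": "2,1",
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
}


def effective_settings(config_text):
    """Return the global keyword -> value map the way sshd reads it."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":              # conditional blocks follow, so the
            break                           # global section ends here
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        seen.setdefault(keyword, value)     # first occurrence wins in sshd
    return {**ASSUMED_DEFAULTS, **seen}


def audit(config_text):
    """Return the checklist items this configuration does not satisfy."""
    cfg = effective_settings(config_text)
    findings = []
    if cfg["permitrootlogin"] != "no":
        findings.append("root login is not disabled")
    if "1" in [p.strip() for p in cfg["protocol"].split(",")]:
        findings.append("SSH v1 is still accepted")
    if cfg["passwordauthentication"] != "no":
        findings.append("password login is still allowed")
    return findings


# Constructed sample, not taken from the poster's machine.
SAMPLE = """\
# sshd_config (constructed sample)
Protocol 2
PermitRootLogin yes
permitrootlogin no
#PasswordAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```

The sample fails two items: the later "permitrootlogin no" is ignored because the first occurrence of a keyword wins, and the commented-out PasswordAuthentication line leaves the assumed default in force.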
    
