On Wed, 04 Aug 2004 11:03:33 -0400, Matt Morgan <matt.morgan-fedora-list(a)brooklynmuseum.org> wrote:
On 08/02/2004 05:57 PM, Brian Fahrlander wrote:
>On Mon, 2004-08-02 at 16:01, STYMA, ROBERT E (ROBERT) wrote:
>
>
>>>>On Mon, 02 Aug 2004 12:21:01 -0700, Ow Mun Heng <Ow.Mun.Heng(a)wdc.com> wrote:
>>>>
>>>>
>>>>This was in my logs last night at 11.56pm.
>>>>
>>>>
>>>Aug 2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from ::ffff:69.59.166.236 port 41532 ssh2
>>>Aug 2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from ::ffff:69.59.166.236 port 41714 ssh2
>>>
>>>Seems to be coming from San Francisco...
>>>
>>>
>>>
>>>
>>The fact that a user and password is getting flagged indicates that the
>>hacker is getting past your /etc/hosts.deny file. I keep my ssh access
>>shut down except for IP address ranges I am expecting. I realize this is
>>not possible in all cases, but stopping the hacker before they get a login
>>prompt is in my opinion a preferred situation.
>>
>>
>
> Yeah, but you may as well firewall the world. This seems to be
>everywhere.
>
>
>
So use hosts.allow instead, and specify the few particular hosts that
are allowed to attempt to connect. Everyone else will be summarily
rejected. (Firewalling the world is not a bad option, either).
Take a look at this.
http://www.dshield.org/port_report.php?port=22&recax=1&tarax=2&am...
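
A log-tally script for the sshd lines quoted in this thread, added here as an example and not written by anyone in the thread. The function names, the `min_unknown` threshold, and the last two sample lines are assumptions made up for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the sshd line format quoted in the thread; "invalid user" is the
# wording newer OpenSSH releases use for the same event.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<unknown>(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def normalize(addr):
    """Collapse an IPv4-mapped IPv6 address (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def summarize(lines):
    """Tally failed password attempts per source address."""
    report = defaultdict(
        lambda: {"attempts": 0, "unknown_users": set(), "known_users": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and non-sshd lines are ignored
        try:
            src = normalize(m.group("src"))
        except ValueError:
            src = m.group("src")  # hostname or malformed value: keep as logged
        entry = report[src]
        entry["attempts"] += 1
        key = "unknown_users" if m.group("unknown") else "known_users"
        entry[key].add(m.group("user"))
    return dict(report)

def suspects(report, min_unknown=2):
    """Sources that tried at least min_unknown distinct nonexistent accounts."""
    return sorted(s for s, e in report.items()
                  if len(e["unknown_users"]) >= min_unknown)

# The first two lines are from the thread; the last two are constructed.
SAMPLE = [
    "Aug 2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from ::ffff:69.59.166.236 port 41532 ssh2",
    "Aug 2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from ::ffff:69.59.166.236 port 41714 ssh2",
    "Aug 2 03:25:02 ciscy sshd[27101]: Failed password for root from 192.0.2.10 port 50122 ssh2",
    "Aug 2 03:26:40 ciscy sshd[27110]: Accepted password for alice from 198.51.100.7 port 50200 ssh2",
]

if __name__ == "__main__":
    print(suspects(summarize(SAMPLE)))
```

Sources it reports are candidates for a hosts.deny entry or a firewall rule, the two options discussed above.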