Login attacks

Rich Burroughs rich at paranoid.org
Tue Dec 7 23:33:08 UTC 2004


Michael J. Pawlowsky wrote:

> But the stuff coming from China....  Forget it.
> 
> I get attacks like these just about every other day. I maintain servers 
> for several networks...  And there always seems to be one of them 
> somewhere that is getting probed.

Yeah, the question is whether this is just a random scan or someone 
actually targeting the machine for some reason. There is a ton of 
scanning going on nowadays, it's very common. When a new root 
vulnerability surfaces, there are usually scripts written pretty soon 
after that scan large netblocks looking for any machine that is vulnerable.

In terms of what you can do, block the address(es) by all means. And 
make sure to stay up to date on the available patches/upgrades. The vast 
majority of root compromises happen by way of known vulnerabilities. 
Also, don't run services you don't need to, and use iptables to restrict 
access as much as possible for any you do need.


Rich
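
The advice above (block the probing addresses, and restrict access to the services you do keep) written out as a default-deny ruleset. This is an added example, not part of the original message; the `build_ruleset` function, the `BLOCKED`/`ALLOWED` variables and every address in them are assumptions made up for illustration.

```shell
#!/bin/sh
# Emits an iptables-restore ruleset on stdout; nothing is applied here.
# All addresses are constructed samples from documentation ranges.
BLOCKED="203.0.113.45 198.51.100.0/24"          # sources seen probing
ALLOWED="22/tcp:192.0.2.0/24 80/tcp:0.0.0.0/0"  # port/proto:permitted source

build_ruleset() {
    blocked=$1
    allowed=$2
    # Validate every entry first so a typo never yields a partial ruleset.
    for entry in $allowed; do
        case $entry in
            */*:*) ;;
            *) echo "bad entry: $entry" >&2; return 1 ;;
        esac
        svc=${entry%%:*}
        case ${svc#*/} in
            tcp|udp) ;;
            *) echo "bad protocol: $entry" >&2; return 1 ;;
        esac
        case ${svc%/*} in
            ''|*[!0-9]*) echo "bad port: $entry" >&2; return 1 ;;
        esac
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default deny: unlisted services are unreachable
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Blocked sources go first so they are dropped even on public ports.
    for src in $blocked; do
        echo "-A INPUT -s $src -j DROP"
    done
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for entry in $allowed; do
        svc=${entry%%:*}
        src=${entry#*:}
        echo "-A INPUT -p ${svc#*/} -s $src --dport ${svc%/*} -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

build_ruleset "$BLOCKED" "$ALLOWED"
```

Review the printed rules before loading them with `iptables-restore`, since a default-deny INPUT policy will lock out any remote session whose source is not listed in `ALLOWED`.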