Re: [LAD] [ot] - NEED some security advise PLEASE!

From: Fernando Lopez-Lezcano <nando@email-addr-hidden>
Date: Sun Feb 15 2009 - 05:01:29 EET

On Sun, 2009-02-15 at 01:14 +0000, pete shorthose wrote:
> On Sun, 15 Feb 2009 00:43:17 +0100
> Fons Adriaensen <fons@email-addr-hidden> wrote:
>
> > On Sat, Feb 14, 2009 at 11:55:13PM +0100, Julien Claassen wrote:
> >
> > > 8226 ? Ss 0:00 sshd: unknown [priv]
> > > 8227 ? S 0:00 sshd: unknown [net]
> >
> > > Just before that I only saw "sshd [accept]" and "sshd [net]".
> > > Shutdown sshd and made new password and restarted sshd. Now it's the same.
> > > Can I easily check where it's coming from and what it's doing? I don't see
> > > anything besides those two lines. No other strange processes.
> >
> > Someone is trying a ssh login - usually from the former
> > east block - and probably trying a list of user names
> > and passwords. Do (as root) tail -50 /var/log/secure
> > to see the show.
> >
> > It happens here all the time. As long as you don't have
> > any easily guessed user/passwd combinations the danger
> > is limited, and closing your network connection for a
> > minute usually makes them go away. Configuring sshd to
> > allow only dsa authentication is better of course.
>
> I changed the port sshd runs on because I got sick of the
> clickety click as logs were written due to brute force login
> attempts. Not an option for everyone but it did the trick
> nicely for me. Port knocking is another option.

Another option is a service called denyhosts; it adds entries
to /etc/hosts.deny for each host from which a defined number of failed
logins happen. So the attacking hosts are dropped out as they try
passwords and hopefully fail...

http://denyhosts.sourceforge.net/

-- Fernando

Received on Sun Feb 15 08:15:01 2009
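
The approach described in the message above (count failed logins per host, then add a hosts.deny entry once a defined number is reached), as an added example; it is not DenyHosts' own code and not part of the original message. The log lines are constructed, and the threshold of 3, the function names and the `never_deny` allowlist are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the usual OpenSSH syslog format (documentation addresses).
SAMPLE_LOG = """\
Feb 14 23:55:01 host sshd[8226]: Invalid user admin from 203.0.113.7
Feb 14 23:55:03 host sshd[8226]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Feb 14 23:55:06 host sshd[8230]: Failed password for root from 203.0.113.7 port 40031 ssh2
Feb 14 23:55:09 host sshd[8234]: Failed password for invalid user test from 203.0.113.7 port 40040 ssh2
Feb 14 23:56:10 host sshd[8240]: Failed password for julien from 198.51.100.20 port 51515 ssh2
Feb 14 23:56:15 host sshd[8240]: Accepted password for julien from 198.51.100.20 port 51515 ssh2
Feb 14 23:57:00 host sshd[8250]: Failed password for invalid user a from 198.51.100.20 from 192.0.2.9 port 40100 ssh2
"""

# The user name is chosen by the remote side, so anchor on the fixed tail of
# the line: the greedy ".*" makes the LAST " from <addr> port N ssh2" win.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def failed_by_host(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line.strip())
        if match:
            counts[match.group(1)] += 1
    return counts


def deny_entries(log_text, threshold=3, never_deny=()):
    """Return hosts.deny lines for hosts at or above the threshold.

    never_deny is an assumed allowlist so a trusted host cannot lock itself out.
    """
    counts = failed_by_host(log_text)
    return [f"sshd: {host}" for host, n in sorted(counts.items())
            if n >= threshold and host not in never_deny]


if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG):
        print(entry)
```

The last sample line carries a user name that itself contains " from 198.51.100.20"; the count is charged to the real source, 192.0.2.9, not to the address embedded in the name.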
