[plug] 203.236.241.42 / ndyne.com
Ben Jensz
plug at jensz.id.au
Mon Aug 23 22:00:03 WST 2004
You should close off ssh to only interfaces that it needs to be on,
and/or hide it as a closed port with iptables.
I did see this on a machine that wasn't executing its firewall ruleset
yesterday (typos... hmmm). Had hits from that one and several others
from all over the place, including a couple of Taiwanese ones.
/ Ben
Kai wrote:
> Luke Dudney wrote:
>
>> Kai wrote:
>>
>>> Anyone getting a lot of login attempts from this IP with the
>>> usernames admin, root and test ?
>>
>> Looks like the brute ssh tool which has been used fairly extensively
>> lately. The SANS ISC has been tracking this for a number of weeks:
>> http://isc.sans.org/ (one of the few sites I visit every day).
>>
>> Cheers
>> Luke
>
>
> Thanks Luke, James and Craig for the info.
> I had nine failed attempts from 16:05 to 16:06 today, have emailed the
> ISP to let them know.
>
> Cheers
> Kai
> _______________________________________________
> PLUG discussion list: plug at plug.linux.org.au
> http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
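
To illustrate the pattern discussed in this thread (a burst of failed logins for admin, root and test from one address), here is an added example that is not part of the original messages: a small detector run over constructed sshd syslog lines. The log wording follows OpenSSH's "Failed password" messages; the host name, addresses (documentation ranges), threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH failure lines; "illegal user" is the older wording, "invalid user" the newer.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def find_bursts(lines, threshold=5, window=timedelta(minutes=2), year=2004):
    """Return {ip: (most failures inside any window, usernames tried)}
    for every source that reaches the threshold."""
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied (assumption).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = (best, sorted({u for _, u in evs}))
    return flagged

# Constructed sample: nine failures inside one minute from 192.0.2.10,
# cycling through test/admin/root, plus one unrelated mistyped password.
SAMPLE = [
    f"Aug 23 16:05:{7 * i:02d} host sshd[{4100 + i}]: Failed password for "
    f"{'' if u == 'root' else 'illegal user '}{u} from 192.0.2.10 port {40000 + i} ssh2"
    for i, u in enumerate(["test", "admin", "root"] * 3)
] + [
    "Aug 23 16:20:11 host sshd[4200]: Failed password for alice from 198.51.100.7 port 51000 ssh2",
    "Aug 23 16:20:19 host sshd[4201]: Accepted password for alice from 198.51.100.7 port 51001 ssh2",
]

if __name__ == "__main__":
    for ip, (count, users) in find_bursts(SAMPLE).items():
        print(f"{ip}: {count} failed logins, usernames tried: {', '.join(users)}")
```
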