
SSH Attacks - What to do?



In reviewing the logs on my Linux server I see that for today and much 
of yesterday someone has a machine set up that's trying to log in 
every few seconds via SSH. They have had no success so far. Here's a 
snippet of the message log; the file is huge with these things. (The 
last two entries are me doing legitimate work.)

Jul 27 04:45:33 merlin sshd(pam_unix)[14815]: check pass; user unknown
Jul 27 04:45:33 merlin sshd(pam_unix)[14815]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=216.193.235.216

Jul 27 04:45:37 merlin sshd(pam_unix)[14817]: check pass; user unknown
Jul 27 04:45:37 merlin sshd(pam_unix)[14817]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=216.193.235.216

Jul 27 12:04:50 merlin samba(pam_unix)[14923]: session opened for user tim by (uid=0)

Jul 27 14:21:28 merlin ftpd[14943]: wu-ftpd - TLS settings: control allow, client_cert allow, data allow
Jul 27 14:21:34 merlin ftpd[14943]: FTP session closed

For the time being I've shut off the ports in the little home gateway, 
but that's not a good long-term solution. My son and I both use the 
box remotely to access files for school and work.

Is there any way to stop this? Do I just depend on password security 
or are there other tools I can readily apply to help?

I'd really like to stop it before it gets past the gateway. We have 
metered wireless DSL service and if they are persistent enough it 
could end up costing me money just for the failed attempts.

-- 
Tim
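
The log format quoted in the post, as an added example that is not part of the original message: a Python script that counts failed sshd logins per remote host and flags hosts that fail repeatedly within a short window, which gives a concrete list of sources to block at the gateway. The sample log is constructed from the quoted lines with wrapped entries rejoined; the 04:45:41 entry, the 192.0.2.10 address, the threshold, the window and the year default are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines from the post (unwrapped) plus two invented
# entries (04:45:41 and the 192.0.2.10 documentation address).
SAMPLE_LOG = """\
Jul 27 04:45:33 merlin sshd(pam_unix)[14815]: check pass; user unknown
Jul 27 04:45:33 merlin sshd(pam_unix)[14815]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=216.193.235.216
Jul 27 04:45:37 merlin sshd(pam_unix)[14817]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=216.193.235.216
Jul 27 04:45:41 merlin sshd(pam_unix)[14819]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=216.193.235.216
Jul 27 09:10:02 merlin sshd(pam_unix)[14901]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10
Jul 27 12:04:50 merlin samba(pam_unix)[14923]: session opened for user tim by (uid=0)
Jul 27 14:21:34 merlin ftpd[14943]: FTP session closed
"""

# Only sshd failures that name a remote host; samba/ftpd lines never match.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\(pam_unix\)\[\d+\]: "
    r"authentication failure;.*\brhost=(?P<rhost>\S+)"
)

def failures_by_source(log_text, year=2000):
    """Map each rhost to the sorted timestamps of its failed sshd logins.
    Syslog lines carry no year, so `year` is an assumed parameter."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if m:
            ts = " ".join(m.group("ts").split())  # collapse "Jul  7" padding
            when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
            hits[m.group("rhost")].append(when)
    return {src: sorted(times) for src, times in hits.items()}

def repeat_offenders(log_text, max_failures=3, window=timedelta(minutes=1)):
    """Return {rhost: total failures} for hosts with at least max_failures
    failures inside any single sliding window."""
    flagged = {}
    for src, times in failures_by_source(log_text).items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= max_failures:
                flagged[src] = len(times)
                break
    return flagged

if __name__ == "__main__":
    for src, count in repeat_offenders(SAMPLE_LOG).items():
        print(f"{src}: {count} failed sshd logins")
```
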
