[121881] in North American Network Operators' Group
Re: SSH brute force China and Linux: best practices
daemon@ATHENA.MIT.EDU (Bazy)
Sat Jan 30 05:23:19 2010
In-Reply-To: <c3de0a331001292047u33e175edy30bce313a4c22105@mail.gmail.com>
Date: Sat, 30 Jan 2010 12:22:37 +0200
From: Bazy <bazy84@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Jan 30, 2010 at 6:47 AM, Bobby Mac <bobbyjim@gmail.com> wrote:
> Hola Nanog:
>
> So after many years of a hiatus from Linux, I recently dropped XP in favour
> of Fedora. Now that my happy windows blinders are off, I see alarming
> things. Ugly ssh brute force, DNS server IP spoofing with scans and typical
> script kiddie tactics.
>
> What are the new set of best practices for those running a NIX home
> computer. Yes I have a firewall and I do peruse my logs on a regular
> basis.
>
> BTW: ever drop a malformed URL to alert an admin to something that sucks?
> w3.hp.com/execs/makes/too/much/money or
> www.yourbuddiesdomain.com/it/is/all/rfc/space/use/1918/when/referring/to/non/routable
>
> Thanks,
> BobbyMac
>
Hello Bobby,
Take a look at http://www.fail2ban.org and
http://denyhosts.sourceforge.net. I'm not Chinese but I'm sure that
brute-force attacks come from all over the world. Here's a little from
my logwatch.
Refused incoming connections:
211.234.60.44 (211.234.60.44): 1 Time(s)
218.3.88.114 (218.3.88.114): 1 Time(s)
58.68.119.187 (58.68.119.187): 2 Time(s)
89.149.149.132 (89.149.149.132): 5 Time(s)
net137-143.paichai.ac.kr (203.250.137.143): 1 Time(s)
Regards,
Bazy
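What fail2ban and denyhosts do under the hood is the kind of thing Bobby can also see for himself in the logs he is already reading: count sshd "Failed password" lines per source address inside a time window and block the source once it passes a threshold. The script below is an added example for this thread, not code from Bazy, fail2ban or denyhosts. The log lines are constructed (hostname "fedora", process IDs and the 2010 year are made up, and the addresses are RFC 5737 documentation ranges rather than real attackers); the maxretry/findtime names mirror the fail2ban settings of the same name. It also shows the caveat a practitioner runs into: a slow scanner that spaces attempts fifteen minutes apart never trips a ten-minute window, and only shows up when findtime is widened.

```python
"""Minimal fail2ban-style sshd brute-force detector (added example).

Reads OpenSSH failure lines in the syslog format found in /var/log/secure
(Fedora) or auth.log, counts failures per source IP inside a sliding time
window, and emits an iptables rule for each source that crosses the
threshold. Sample input is constructed; addresses are RFC 5737 test ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# One regex for both "invalid user" and known-user failures.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)

# Constructed sample log (hostname, PIDs and addresses are made up).
SAMPLE_LOG = """\
Jan 30 05:01:01 fedora sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51122 ssh2
Jan 30 05:01:03 fedora sshd[2103]: Failed password for invalid user oracle from 192.0.2.10 port 51130 ssh2
Jan 30 05:01:05 fedora sshd[2105]: Failed password for root from 192.0.2.10 port 51140 ssh2
Jan 30 05:01:06 fedora sshd[2107]: Failed password for root from 192.0.2.10 port 51141 ssh2
Jan 30 05:01:08 fedora sshd[2109]: Failed password for invalid user test from 192.0.2.10 port 51150 ssh2
Jan 30 05:02:00 fedora sshd[2120]: Failed password for bobby from 198.51.100.7 port 40001 ssh2
Jan 30 05:02:09 fedora sshd[2122]: Accepted publickey for bobby from 198.51.100.7 port 40002 ssh2
Jan 30 05:20:00 fedora sshd[2200]: Failed password for root from 203.0.113.5 port 33001 ssh2
Jan 30 05:35:00 fedora sshd[2210]: Failed password for root from 203.0.113.5 port 33002 ssh2
Jan 30 05:50:00 fedora sshd[2220]: Failed password for root from 203.0.113.5 port 33003 ssh2
Jan 30 06:05:00 fedora sshd[2230]: Failed password for root from 203.0.113.5 port 33004 ssh2
Jan 30 06:20:00 fedora sshd[2240]: Failed password for root from 203.0.113.5 port 33005 ssh2
"""


def parse_ts(ts, year=2010):
    """Syslog timestamps carry no year; the year is an assumption here."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_offenders(lines, maxretry=5, findtime_s=600):
    """Return {ip: time_of_ban} for every source with at least `maxretry`
    failures inside any `findtime_s`-second window (fail2ban semantics).
    Lines that are not sshd failures (e.g. "Accepted publickey") are ignored.
    """
    window = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip, t = m["ip"], parse_ts(m["ts"])
        q = window[ip]
        q.append(t)
        # Drop failures that have aged out of the window.
        while q and (t - q[0]).total_seconds() > findtime_s:
            q.popleft()
        if len(q) >= maxretry and ip not in banned:
            banned[ip] = t
    return banned


def iptables_rules(banned):
    """Render one DROP rule per banned source, in the form fail2ban's
    iptables action would insert."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
            for ip in sorted(banned)]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for findtime in (600, 7200):
        hits = find_offenders(lines, findtime_s=findtime)
        print(f"findtime={findtime}s:")
        for rule in iptables_rules(hits):
            print("  " + rule)
```

With the default ten-minute window only 192.0.2.10 (five failures in seven seconds) is banned; the single failure from 198.51.100.7 followed by an accepted key login is left alone, and 203.0.113.5 slips through because no two of its attempts are closer than fifteen minutes. Raising findtime to two hours catches it as well, which is the trade-off when tuning these tools on a home box: a longer window catches slow scanners but also makes it easier to lock yourself out after a few typos.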