[wellylug] got ya / 4

Ewen McNeill wellylug at ewen.mcneill.gen.nz
Tue Oct 12 15:55:58 NZDT 2004


In message <20041012021601.LQQI22901.mta2-rme.xtra.co.nz at there>, "E.Chalaron" writes:
>I do not want to argue about what we defined as "hard", to me it was hard 
>enough to be a concern ... Basically he SSHed the servers with root, nobody, 
>apache, admin and so on. He has been doing it for 5 minutes or so..

Welcome to the Internet.  Please fasten your seatbelt.

I'm pretty much convinced that there's at least one script kiddie tool
which "rattles the doorknobs" on every ssh daemon it can find trying a
combination of root passwords, and various other accounts that it can
think of, before moving on to the next server.

I see these sorts of attempts on most of my systems (with ssh access from
the world) pretty much every day from various IP addresses.  I've never
bothered to trace the IP addresses, as I assume that they're previously
compromised hosts.

Providing you have good passwords, disable the accounts you don't need
anyone logging into, and (ideally) disable direct root logins, it
shouldn't be a major concern.  Oh, and keep your systems patched.

If it bothers you I would suggest firewalling your ssh port so that it's
reachable only from "trusted" locations.

Ewen
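
The pattern described in this message (one source trying root, nobody, apache, admin and so on within a few minutes) can be picked out of sshd logs. The following is an added example, not part of the original message; the syslog line format, the sample lines, the function names and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Oct 12 02:10:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 12 02:10:04 host sshd[2103]: Failed password for nobody from 203.0.113.7 port 40115 ssh2
Oct 12 02:10:09 host sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40119 ssh2
Oct 12 02:10:15 host sshd[2107]: Failed password for apache from 203.0.113.7 port 40123 ssh2
Oct 12 02:14:40 host sshd[2150]: Failed password for illegal user test from 203.0.113.7 port 40177 ssh2
Oct 12 09:30:12 host sshd[3001]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Oct 12 09:30:20 host sshd[3001]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
"""

# Older OpenSSH releases log "illegal user", newer ones "invalid user".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, year=2004):
    """Group sshd password events by source IP (syslog lines carry no year)."""
    sources = defaultdict(lambda: {"failed": [], "accepted": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["result"] == "Accepted":
            sources[m["ip"]]["accepted"].add(m["user"])
        else:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            sources[m["ip"]]["failed"].append((when, m["user"]))
    return sources

def doorknob_rattlers(sources, min_users=4, window=timedelta(minutes=10)):
    """Return IPs that failed logins for min_users different accounts inside
    any one window, with any accounts that same IP did log in as."""
    hits = {}
    for ip, src in sources.items():
        events = sorted(src["failed"])
        for start, _ in events:
            users = {u for t, u in events if start <= t <= start + window}
            if len(users) >= min_users:
                hits[ip] = {"users": sorted(users),
                            "logged_in_as": sorted(src["accepted"])}
                break
    return hits

if __name__ == "__main__":
    for ip, info in doorknob_rattlers(summarize(SAMPLE_LOG)).items():
        print(ip, info)
```

A non-empty `logged_in_as` for a flagged source is the case worth investigating; a single mistyped password from a known user, like the last two sample lines, is not flagged.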



