Re: New twist on an old annoyance

From: Damien Hull <dhull@digitaloverload.net>
Date: Thu May 26 2005 - 10:18:59 AKDT

Enkidu wrote:

>There seems to be another brute-force script circulating targeting ssh, this one
>seems to have a new twist. The relevant segment of the log is at
>http://bastardsonofgod.com/050525-1452.log . Be safe,
>
>Art
>
>
Thanks for the warning.

I'm using ssh with keys. This "should" keep out the bad guys. I say
"should" in quotes because you never know when someone is going to find
an exploit. So far all I get are entries in my logs saying user X tried
logging in. It's always a long list of users that try to log in.
Dictionary attack with generic user accounts.

The one you are talking about here is different. I'll have to check my
logs to see if it's in there. Maybe it's time to add some form of HIDS.
There are also tools to monitor file changes. I'm all in favor of
security, but there's a trade-off between security and management
overhead. Too much security means too much work. It could also keep you out of
your own system. I've done that before.

At the moment I'm running the following services:
1. Web server ( apache )
2. SSH ( key only access )
3. FTP ( I think it's pure ftp )

For now I think I'm safe. I think!

Received on Thu May 26 10:19:11 2005
