similar to: Need urgent help regarding security

Message-ID: <479F2A63.2070408 at centos.org> On: Tue, 29 Jan 2008 07:30:11 -0600, Johnny Hughes <johnny at centos.org> Subject Was: [CentOS] Unknown rootkit causes compromised servers > > SOME of the script kiddies check higher ports for SSH *_BUT_* I only see > 4% of the brute force attempts to login on ports other than 22. > > I would say that dropping brute force

Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown

We have been noticing flurries of sshd reject messages in which some system out there in the hinterlands hits us with a flood of ssh login attempts. An example: Apr 6 05:41:51 dc sshd[88763]: Did not receive identification string from 67.19.58.170 Apr 6 05:49:42 dc sshd[12389]: input_userauth_request: illegal user anonymous Apr 6 05:49:42 dc sshd[12389]: Failed password for illegal user

On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote: > On 02/13/2015 09:15 AM, Chris Adams wrote: > > Yeah, the old "move stuff to alternate ports" thing is largely a waste > > of time and just makes it more difficult for legitimate use. With > > large bot networks and tools like zmap, finding services on alternate > > ports is not that hard for the

just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc.... None of these are valid users. I know that I can block sshd all together with iptables but that will not work for us. I did a little research on google and found programs like sshguard and

I've had ipf working on a few 5.3 servers for quite awhile. Not too long ago some developers had to do some coding work and were coming from dynamic IP's. I (reluctantly) opened up SSH to the world. Immediately I started seeing the attacks where bots of some sort would try to break in with a variety of different users. So, I (thought) I closed it up again and told the developers to use a

Hi, Is there a security problem with ssh that I've missed??? Ik keep getting these hords of: Failed password for root from 69.242.5.195 port 39239 ssh2 with all kinds of different source addresses. They have a shot or 15 and then they are of again, but a little later on they're back and keep clogging my logs. Is there a "easy" way of getting these ip-numbers added to

So far, OpenVPN has been working very well for me. Unfortunately, the iPhone doesn't have (yet?) an OpenVPN client, so I'm forced to work with what's available. The options are: L2TP, PPTP and IPSec. If you were to install a VPN endpoint on CentOS, which protocol would you prefer? The condition is to avoid shabby VPN servers that make the system less secure. I've seen some

In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean that you would be handing passwords and other data out. When you start SSH on port 22 it is done with root privileges because the root user is the only one that can use ports below 1024. Root is the only user that can listen to that port or do

> On Jul 28, 2015, at 21:52 , Steffan Cline <steffan at hldns.com> wrote: > > Ok, I think I have come a little further. > > When dovecot stops accepting connections, I checked netstat and found this: > > [root at hosting1 ~]# netstat -an | grep 993 > tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN > tcp 0 0

Hello everyone, As I am new to the asterisk community (although have been on the list reading for about 6 months) I wanted to see what users would recommend for security to protect several asterisk/ vicidial servers over a fiber connection. Currently I have a managed switch (Tellabs 8813-310) from time warner but I am having intrusion issues on my linux server which I think are contributing

Any BFD/AFP softwares available for FreeBSD 4.10? Im getting flooded with ssh and ftp attempts.

Hello. I once read somewhere that it's possible to limit SSH pubkeys to 'tunnel-only'. I can't seem to find any information about this in any of the usual places. I'm going to be deploying a few servers in a couple of days and I'd like them to log to a central server over an SSH tunnel (using syslog-ng) however I'd like to prevent actual logins (hence

Gang, For months now, we're all seeing repeated bruteforce attempts on SSH. I've configured my pf install to ratelimit TCP connections to port 22 and to automatically add IP-addresses that connect too fast to a table that's filtered: table <lamers> { } block quick from <lamers> to any pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 modulate

On Mon, 2019-05-13 at 16:20 -0400, Bee.Lists wrote: > > On May 13, 2019, at 2:46 PM, Pete Biggs <pete at biggs.org.uk> wrote: > > > > > First, the ~ which might not apply to root. > > > > Why do you think that? '~' is just shell shorthand for user's home > > directory. > > root quite often isn?t recognized as a proper user.

I'm not really a programmer and I recently came across this hack to insert a short sleep statement into auth-passwd.c within sshd. It seems to quickly confuse automated dictionary attacks. I've moved sshd to higher ports but apparently the cretins are now scanning to look for that and attacking on whatever port sshd shows up on. Anyway, the link to the hack is here:

Hi, This is a froward message from tcpdump-workers mail list: === 8< ================ >8 === From: ef <blob.bb.a@gmail.com> Subject: tcpdump -z: command execution Date: Fri, 27 Aug 2010 09:33:48 +0200 To: tcpdump-workers@lists.tcpdump.org Hello, Thx for tcpdump, very valuable tool! Was looking at the new version of tcpdump a few days ago and saw this option: " -z Used in

I'm forwarding this to security@, as I'm getting no replies on ipfw@. Hope it's relevant enough for you :( ---Original Message----- From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Erik Paulsen Skålerud Sent: Wednesday, May 28, 2003 1:02 AM To: ipfw@freebsd.org Subject: Question about logging. Sorry for asking this, It's probably been

This note is essentially a request for a reality check. I use IPFW & natd on the box that provides the interface between my home networks and the Internet; the connection is (static) residential DSL. I configured IPFW to accept & log all SSH "setup" requests, and use natd to forward such requests to an internal machine that only accepts public key authentication; that

On Tuesday 23 December 2008 15:38:17 Warren Young wrote: > Michael Simpson wrote: > >> GRC reports that ports are stealthed > > > > Try www.auditmypc.com or nmap-online.com rather than grc to look for open > > ports > > What advantages do they have, in your opinion? > > >> there a better way than opening port 143? > > > > ssh tunnelling?