<li><em>date</em>: Wed, 14 Dec 2005 09:11:06 -0500</li>
<li><em>from</em>: jkinney at localnetsolutions.com (James P. Kinney III)</li>
<li><em>in-reply-to</em>: <<a href="msg00175.html">[email protected]</a>></li>
<li><em>references</em>: <<a href="msg00170.html">[email protected]</a>> <<a href="msg00174.html">[email protected]</a>> <<a href="msg00175.html">[email protected]</a>></li>
<li><em>subject</em>: [ale] Hack of the month...</li>
It depends on what the system is doing that is being attacked. If it is
a financial system that could divulge personal info and cause much grief
(i.e. - lawsuit) then only allow ssh from specific IP addresses AND
require key access AND block password access AND log all other attempts
in iptables AND document the attempts and forward them to the upstream
provider of the would-be cracker.
Due to the native power of a *nix system (as compared to a windblowz) I
consider them to all be pretty much munitions grade hardware and as
such, ANY AND ALL unauthorized access or use is treated as a serious
criminal trespass.
All edge systems need something like Tripwire for integrity checks and
they must be used (i.e. verified against a known good record) daily.
Policy: All attempts to gain access by unauthorized persons should be
reported to the ISP of the unauthorized person with suitable legalese
documentation demanding follow-up communication about what the ISP did
and to whom.
>
> On Wed, 2005-12-14 at 07:52 -0500, Paul Cartwright wrote:
> > On Wed December 14 2005 7:40 am, Christopher Fowler wrote:
> > > What is the attempt here and how are they attempting?
> > >
> > > Dec 14 02:58:10 209.168.246.231 authpriv.info sshd[194]: Invalid
> > > user testing from 68.120.97.218
> > > Dec 14 02:58:10 209.168.246.231 authpriv.err sshd[194]: error: Could
> > > not get shadow information for NOUSER
> > > Dec 14 02:58:10 209.168.246.231 authpriv.info sshd[194]: Failed
> > > password for invalid user testing from 68.120.97.218 port 59698 ssh2
> >
> > arin whois: <a rel="nofollow" href="http://ws.arin.net/cgi-bin/whois.pl">http://ws.arin.net/cgi-bin/whois.pl</a>
> >
> > shows that as an SBC user, you might want to report your logfile to :
> >
> > OrgAbuseHandle: ABUSE6-ARIN
> > OrgAbuseName: Abuse - Southwestern Bell Internet
> > OrgAbusePhone: +1-800-648-1626
> > OrgAbuseEmail: abuse at sbcglobal.net
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> <a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale">http://www.ale.org/mailman/listinfo/ale</a>
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
<a rel="nofollow" href="http://www.localnetsolutions.com">http://www.localnetsolutions.com</a>
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
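The controls the reply above recommends for an exposed SSH host (accept SSH only from listed addresses, require keys and refuse passwords, log everything else in iptables, and document the attempts for the would-be cracker's upstream provider), as an added shell example that is not part of the original message or the ALE list. The sshd_config directives, iptables rules and the awk parser are mine, not the poster's; the host name, process IDs and addresses in SAMPLE_LOG are constructed in the syslog format shown in the quoted message, using RFC 5737 documentation ranges. The Tripwire daily check from the same message is not covered here.

```shell
#!/bin/sh
# Added example, not from the original thread. Three shell functions:
#   1. sshd_hardening_config  - sshd_config lines for key-only, named-user access
#   2. ssh_iptables_rules     - accept TCP/22 from listed sources, LOG+DROP the rest
#   3. ssh_failure_report     - per-source summary of failed sshd logins, in the
#                               syslog format the quoted message shows, suitable
#                               for forwarding to an abuse contact
# 198.51.100.0/24, 198.51.100.77, 203.0.113.5 and 203.0.113.9 are documentation
# addresses (RFC 5737), not real hosts.

# 1. Emit sshd_config directives: keys only, no passwords, no root, named users.
#    $1 is a space-separated list of accounts allowed to log in.
sshd_hardening_config() {
    printf 'Protocol 2\n'
    printf 'PermitRootLogin no\n'
    printf 'PasswordAuthentication no\n'
    printf 'ChallengeResponseAuthentication no\n'
    printf 'PubkeyAuthentication yes\n'
    printf 'AllowUsers %s\n' "$1"
}

# 2. Emit iptables commands: one ACCEPT per allowed source, then a rate-limited
#    LOG rule and a DROP for every other new connection to port 22.
#    The commands are printed for review, not executed (pipe to sh as root).
ssh_iptables_rules() {
    for src in "$@"; do
        printf 'iptables -A INPUT -p tcp --dport 22 -s %s -m state --state NEW -j ACCEPT\n' "$src"
    done
    printf 'iptables -A INPUT -p tcp --dport 22 -m limit --limit 5/min -j LOG --log-prefix "SSH-REJECT: "\n'
    printf 'iptables -A INPUT -p tcp --dport 22 -j DROP\n'
}

# 3. Read sshd syslog lines on stdin; print "<failures> <source ip> <users tried>"
#    sorted by failure count. Only "Failed password" lines are counted so the
#    paired "Invalid user" line for the same attempt is not counted twice.
ssh_failure_report() {
    awk '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the user name is the word before "from", the source the word after
            for (i = 1; i <= NF; i++) if ($i == "from") { user = $(i - 1); ip = $(i + 1) }
            count[ip]++
            if (!(ip in users)) users[ip] = ","
            if (index(users[ip], "," user ",") == 0) users[ip] = users[ip] user ","
        }
        END {
            for (ip in count)
                printf "%d %s %s\n", count[ip], ip, substr(users[ip], 2, length(users[ip]) - 2)
        }
    ' | sort -rn
}

# Constructed sample in the format of the quoted log excerpt (not real traffic).
SAMPLE_LOG='Dec 14 02:58:10 gw authpriv.info sshd[194]: Invalid user testing from 198.51.100.77
Dec 14 02:58:10 gw authpriv.err sshd[194]: error: Could not get shadow information for NOUSER
Dec 14 02:58:10 gw authpriv.info sshd[194]: Failed password for invalid user testing from 198.51.100.77 port 59698 ssh2
Dec 14 02:58:14 gw authpriv.info sshd[196]: Failed password for invalid user testing from 198.51.100.77 port 59701 ssh2
Dec 14 02:58:20 gw authpriv.info sshd[198]: Failed password for root from 198.51.100.77 port 59710 ssh2
Dec 14 03:01:02 gw authpriv.info sshd[201]: Failed password for invalid user admin from 203.0.113.9 port 41000 ssh2'

# Demo: the report for the sample, then the rules for one allowed network and one host.
printf '%s\n' "$SAMPLE_LOG" | ssh_failure_report
ssh_iptables_rules 198.51.100.0/24 203.0.113.5
```

The report lists the source with the most failures first and the account names it tried, which is the minimum an abuse desk needs alongside the raw log lines and your timezone; the iptables LOG rule is rate-limited so a scanner cannot fill the disk with its own rejections.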
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00189" href="msg00189.html">[ale] Hack of the month...</a></strong>
<ul><li><em>From:</em> adrin at bellsouth.net (H. A. Story)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00170" href="msg00170.html">[ale] Hack of the month...</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
<li><strong><a name="00174" href="msg00174.html">[ale] Hack of the month...</a></strong>
<ul><li><em>From:</em> paul_tbot at pcartwright.com (Paul Cartwright)</li></ul></li>
<li><strong><a name="00175" href="msg00175.html">[ale] Hack of the month...</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
</body>
</html>