[wplug] Any tips against this kind of ssh break-in?

Russ Schneider russ at sugapablo.com
Fri Jul 15 09:54:16 EDT 2005


On Fri, 15 Jul 2005, Bill Moran wrote:

> On the positive side, the simple act of disabling remote access to root
> (in addition to a passwd file audit to ensure other system accounts are
> inaccessible remotely) will probably protect you from ever having this
> attack used against you.  In my experience, these attacks are scripted
> and not very clever.
 
Yeah well, they did try guessing a lot of other usernames.  I didn't 
publicly show those logs because the logs denote which accounts were 
valid and which were not.  I'm not sure if the attempted cracker was able 
to get that information or not.

When he/she guessed the right user (like root, which is obvious), the logs 
show "Failed password for root".  When the username used didn't exist on 
my box, the logs show "Failed password for illegal user".

 

-- 
[ Russ Schneider (a.k.a. Sugapablo)                                           ]
[ http://www.sugapablo.net <--personal | http://www.sugapablo.com  <--music   ] 
[ http://www.2ra.org      <--political | http://www.subuse.net     <--discuss ]
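
Added example (not part of the original post): because sshd words the two failure cases differently, the auth log records which guessed names exist on the box. This Python script splits failed attempts per source address into existing and nonexistent accounts; the log lines are constructed, and the function names and the threshold of three are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sshd syslog format quoted in the post
# (host, PIDs, usernames and addresses are made up; 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = """\
Jul 15 03:12:01 box sshd[4121]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jul 15 03:12:04 box sshd[4123]: Failed password for illegal user admin from 192.0.2.10 port 40130 ssh2
Jul 15 03:12:07 box sshd[4125]: Failed password for illegal user test from 192.0.2.10 port 40141 ssh2
Jul 15 03:12:09 box sshd[4127]: Failed password for illegal user guest from 192.0.2.10 port 40150 ssh2
Jul 15 03:12:12 box sshd[4129]: Failed password for alice from 192.0.2.10 port 40163 ssh2
Jul 15 08:40:55 box sshd[5002]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Jul 15 08:41:03 box sshd[5002]: Accepted password for alice from 198.51.100.7 port 51514 ssh2
"""

# "illegal user" is the wording in the post; "invalid user" is what newer
# OpenSSH releases log for the same condition.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<bad>(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Per source IP: failures against existing vs nonexistent accounts."""
    stats = defaultdict(lambda: {"valid": set(), "unknown": set(), "failures": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats[m["ip"]]
        entry["failures"] += 1
        entry["unknown" if m["bad"] else "valid"].add(m["user"])
    return dict(stats)

def likely_scanners(stats, min_unknown=3):
    """Sources that tried at least min_unknown distinct nonexistent names."""
    return sorted(ip for ip, e in stats.items() if len(e["unknown"]) >= min_unknown)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, e in stats.items():
        print(ip, e["failures"], sorted(e["valid"]), sorted(e["unknown"]))
    print("scanners:", likely_scanners(stats))
```

The "valid" set per source is the list of real account names that were targeted, which is the part of the log worth redacting before posting it publicly.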

