[wplug] Breakin attempts against the nobody account
Bill Moran
wmoran at potentialtech.com
Mon Mar 28 10:41:49 EST 2005
Chris Ott <cott at acclamation.com> wrote:
>
> Drew from Zhrodague wrote:
> >
> > Remember, logs tell all, if you make sure that you are logging.
>
> Also remember: this is *only* true if the break-in attempts were
> unsuccessful or you're logging to a remote machine. Typically, the first
> thing a cracker does after they gain access is cover their tracks by
> removing their login attempts from the log.
>
> Incidently, I'm curious about whether the attempts on Bill's machine
> were from within the US. I recently had similar problems, myself, and
> all the addresses were foreign.
In this case, they were from a company that seems to be based in Florida.
Usually, they are from outside the US. My packet filter is full of rules
refusing ssh connections from outside the US.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
More information about the wplug
mailing list