RE: [PLUG] Increase in SSH break-in attempts?

Chris on 26 Apr 2005 15:38:49 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

RE: [PLUG] Increase in SSH break-in attempts?

From: "Chris" <chris@chrisbovasso.com>

To: <art.alexion@verizon.net>, "'Philadelphia Linux User's Group Discussion List'" <plug@lists.phillylinux.org>

Subject: RE: [PLUG] Increase in SSH break-in attempts?

Date: Tue, 26 Apr 2005 11:38:48 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

Assuming you are using sudo to alleviate having to give out the root password I suppose you would be more susceptible to an attack if the attacker knows a login that is configured in /etc/sudoers. I think that is a lot to assume the attacker knows but I suppose it does open you up a bit more then just using su. At least as far as I know, anyone want to elaborate or drop some knowledge on us? I am always up for learning something new. -----Original Message----- From: plug-bounces@lists.phillylinux.org [mailto:plug-bounces@lists.phillylinux.org] On Behalf Of Art Alexion Sent: Tuesday, April 26, 2005 11:28 AM To: Philadelphia Linux User's Group Discussion List Subject: Re: [PLUG] Increase in SSH break-in attempts? I have a system that uses 'sudo <command>' instead of 'su', though I have created a real root account in addition. Does this create a greater risk for root break-ins? Chris wrote: >I always thought this was rather common. When I check our logs I see 30 or >40 attempts within a minute trying random usernames about once or twice a >day. So far I have chalked it up to script kiddies or some other vein >attempt to find an easy way inside. I was surprised to learn our webhost >(Verio) just recently is disabling remote root login over SSH. Thankfully we >already standardized disabling our root logins but I would hate to think of >all those people who didn't AND have easily cracked usernames/passwords. > > >Chris. > >-----Original Message----- >From: plug-bounces@lists.phillylinux.org >[mailto:plug-bounces@lists.phillylinux.org] On Behalf Of Mike Leone >Sent: Tuesday, April 26, 2005 10:11 AM >To: PLUG ML >Subject: [PLUG] Increase in SSH break-in attempts? > >Anybody else noticing an increase lately, in the number of break-in attempts >via SSH? I'm seeing more and more things like this, over the last few weeks: > > -- _______________________________________ Art Alexion Arthur S. Alexion LLC arthur [at] alexion [dot] com aim: aalexion sms: 2679725536 [at] messaging [dot] sprintpcs [dot] com PGP fingerprint: 52A4 B10C AA73 096F A661 92D2 3B65 8EAC ACC5 BA7A The attachment -- signature.asc -- is my electronic signature; no need for alarm. Info @ http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html Key for signed PDFs available at http://mysite.verizon.net/art.alexion/encryption/ArthurSAlexion.p7c The validation string is TTJY-ZILJ-BJJG. ________________________________________ ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] Increase in SSH break-in attempts?
From: Stephen Gran <steve@lobefin.net>

Prev by Date: Re: [PLUG] Increase in SSH break-in attempts?

Next by Date: Re: [PLUG] Increase in SSH break-in attempts?

Previous by thread: Re: [PLUG] Increase in SSH break-in attempts?

Next by thread: Re: [PLUG] Increase in SSH break-in attempts?

Index(es):

Date

Thread