It was bound to happen - suspected hack

Dave Hull dphull at insipid.com
Thu Oct 21 11:02:31 CDT 2004


Quoting Brian Kelsay <Brian.Kelsay at kcc.usda.gov>:

> Block the IPs of the attackers specifically in your iptables rules.  Make
> sure the users that they attempted to log on w/ are disabled, password
> changed or non-real users.  Change root password.  It looks like you are
> already working to allow only your IP to ssh, that's good.

There used to be an application called "Port Sentry" that I ran back in the RH
6.2 days. Port Sentry would monitor all incoming connections and would add a
deny rule to hosts.deny for hosts that tried to connect to some port more than
some given threshold. It was pretty handy and may even still exist.

Anyone know of anything else like this? I'm too busy to google at the moment.


--
Dave Hull
http://insipid.com
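
An added illustration, not part of the original message and not PortSentry's own code: a threshold check of the kind described above, counting failed sshd logins per source and emitting hosts.deny entries. The log lines, function names, threshold and allowlisted address are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in sshd syslog style (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Oct 21 10:58:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Oct 21 10:58:03 host sshd[2103]: Failed password for illegal user test from 192.0.2.10 port 40115 ssh2
Oct 21 10:58:05 host sshd[2105]: Failed password for invalid user x from 198.51.100.7 port 1 ssh2 from 192.0.2.10 port 40120 ssh2
Oct 21 10:59:10 host sshd[2110]: Failed password for dave from 203.0.113.5 port 51000 ssh2
Oct 21 10:59:30 host sshd[2111]: Accepted password for dave from 203.0.113.5 port 51002 ssh2
Oct 21 11:00:02 host sshd[2120]: Failed password for admin from 198.51.100.99 port 33001 ssh2
"""

# The user name is text chosen by the remote side, so the source address is
# read only from the fixed tail of the line, never from the first "from".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$")


def count_failures(log_text):
    """Return a Counter of failed-login lines per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # hostname, IPv6 or junk: skip rather than guess
        counts[str(addr)] += 1
    return counts


def deny_lines(log_text, threshold=3, allowlist=()):
    """Build hosts.deny entries for sources at or above the threshold."""
    allowed = {str(ipaddress.IPv4Address(a)) for a in allowlist}
    return [
        f"sshd: {ip}"
        for ip, n in sorted(count_failures(log_text).items())
        if n >= threshold and ip not in allowed
    ]


if __name__ == "__main__":
    # 203.0.113.5 stands in for the administrator's own address.
    print("\n".join(deny_lines(SAMPLE_LOG, allowlist=["203.0.113.5"])))
```

The third sample line carries an address inside the user name; it is counted against the real source, so a crafted login name cannot get an unrelated host denied.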


