It was bound to happen - suspected hack
Frank Wiles
frank at wiles.org
Thu Oct 21 11:04:09 CDT 2004
On Thu, 21 Oct 2004 11:02:31 -0500
Dave Hull <dphull at insipid.com> wrote:
> Quoting Brian Kelsay <Brian.Kelsay at kcc.usda.gov>:
>
> > Block the IPs of the attackers specifically in your iptables rules.
> > Make sure the users that they attempted to log on w/ are disabled,
> > password changed or non-real users. Change root password. It looks
> > like you are already working to allow only your IP to ssh, that's
> > good.
>
> There used to be an application called "Port Sentry" that I ran back
> in the RH 6.2 days. Port Sentry would monitor all incoming connections
> and would add a deny rule to hosts.deny for hosts that tried to
> connect to some port more than some given threshold. It was pretty
> handy and may even still exist.
>
> Anyone know of anything else like this? I'm too busy to google at the
> moment.
Port sentry still exists.
---------------------------------
Frank Wiles <frank at wiles.org>
http://www.wiles.org
---------------------------------
More information about the Kclug
mailing list