Re: increasing failed sshd logins/clearing breadcrumb trails

From: Glenn Sieb (ges+lists_at_wingfoot.org)
Date: 09/15/04

  • Next message: Gerard Samuel: "Re: BIND9 REPLACE BASE BIND8"
    Date: Wed, 15 Sep 2004 00:21:14 -0400
    To: Tim Aslat <tim@spyderweb.com.au>, freebsd-questions@freebsd.org
    
    

    Tim Aslat said the following on 9/14/2004 10:51 PM:

    >In the immortal words of Glenn Sieb <ges+lists@wingfoot.org>...
    >
    >
    >>I've been getting this for weeks. They're all under APNIC, and emails
    >>to abuse@the involved networks have gone unanswered.
    >>
    >>
    >
    >I've been getting these as well, but from a multitude of address spaces.
    > Not just APNIC.
    >
    >
    I should have been clearer--the ones coming in on *my* server have all
    been from APNIC :-/

    >Agreed. However if you 'Absolutely' require something to be done
    >remotely as root, make it a pub/priv key sequence and limit the command
    >using the keys.
    >
    *nod* But I really can't think of any reason to have an exposed machine
    allow a direct-root login... Probably I just haven't had that particular
    need or experience yet...

    But with protected machines? Sure--at my old job (at Lumeta) we had our
    "one trusted" machine which was allowed to ssh as root (using keys only)
    to our internal machines. For purposes of pushes/pulls/upgrades/stuff
    along those lines.

    >Very sane practice
    >
    >
    *nod* I'd like to think Tal rubbed off on me a bit :)

    >It is possible that the box was compromised and the utmp/wtmp log
    >removed/edited/etc, and I would start looking immediately for other
    >traces of a possible intrusion.
    >
    >
    *nod* Hopefully he wasn't hacked--that would be major suckage :-/

    Best,
    Glenn

    -- 
    "They that can give up essential liberty to obtain a little temporary
    safety deserve neither liberty nor safety."
              ~Benjamin Franklin, Historical Review of Pennsylvania, 1759
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
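
The thread's advice for remote root access (keys only, the command limited per key, logins accepted from one trusted machine) can be checked mechanically. The following is an added example, not code from the thread: it audits a root `authorized_keys` file for keys that lack a `command=` or `from=` option. The policy in `REQUIRED`, the function names and the sample file are assumptions made for illustration.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")      # line starts with a key type: no options
OPTION = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')    # one comma-separated option, quotes intact
REQUIRED = ("command", "from")                          # assumed policy for root keys

def split_options(line):
    """Split one authorized_keys line into (options dict, remainder)."""
    if KEY_TYPE.match(line):
        return {}, line
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote:
            i += 1                      # skip the escaped character
        elif c == '"':
            in_quote = not in_quote
        elif c.isspace() and not in_quote:
            break                       # first unquoted blank ends the option field
        i += 1
    opts = {}
    for item in OPTION.findall(line[:i]):
        name, _, value = item.partition("=")
        if value.startswith('"'):
            value = value[1:-1]         # drop the surrounding quotes only
        opts[name.lower()] = value
    return opts, line[i:].strip()

def audit(text):
    """Return [(line_number, missing_options)] for keys lacking a required restriction."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        missing = [o for o in REQUIRED if o not in opts]
        if missing:
            findings.append((n, missing))
    return findings

# Constructed sample of a root authorized_keys file (keys are placeholders).
SAMPLE = r'''# /root/.ssh/authorized_keys (constructed)
command="/usr/local/sbin/push-updates",from="192.0.2.10",no-pty ssh-ed25519 AAAAEXAMPLE1 deploy@trusted
from="192.0.2.10" ssh-rsa AAAAEXAMPLE2 admin@trusted
ssh-ed25519 AAAAEXAMPLE3 root@laptop
command="logger \"pull, ok\"",from="192.0.2.10" ssh-ed25519 AAAAEXAMPLE4 backup@trusted
'''

if __name__ == "__main__":
    for n, missing in audit(SAMPLE):
        print(f"line {n}: missing {', '.join(missing)}")
```

On the server side, `PermitRootLogin forced-commands-only` in `sshd_config` makes sshd refuse root logins whose key carries no `command=` option.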
    
