#1 | 12-08-2004 | dangral (Registered User, Forum Advisor)
being probed Fedora core 2

Lucky me...someone's trying to hack into my mythtv box through ssh. Can I make a policy or something similar to refuse connections from a specific IP after a certain amount of failed logins?

Attached is some of the output from /var/log/messages

Quote:
Dec 5 08:12:38 localhost sshd[12129]: Did not receive identification string from ::ffff:221.162.104.14
Dec 5 08:22:09 localhost sshd[12130]: Failed password for nobody from ::ffff:221.162.104.14 port 4760 ssh2
Dec 5 08:22:12 localhost sshd[12132]: Illegal user patrick from ::ffff:221.162.104.14
Dec 5 08:22:14 localhost sshd[12132]: Failed password for illegal user patrick from ::ffff:221.162.104.14 port 4925 ssh2
Dec 5 08:22:16 localhost sshd[12134]: Illegal user patrick from ::ffff:221.162.104.14
Dec 5 08:22:19 localhost sshd[12134]: Failed password for illegal user patrick from ::ffff:221.162.104.14 port 1092 ssh2
Dec 5 08:22:24 localhost sshd[12136]: Failed password for root from ::ffff:221.162.104.14 port 1236 ssh2
Dec 5 08:22:28 localhost sshd[12138]: Failed password for root from ::ffff:221.162.104.14 port 1368 ssh2
Dec 5 08:22:33 localhost sshd[12140]: Failed password for root from ::ffff:221.162.104.14 port 1509 ssh2
Dec 5 08:22:38 localhost sshd[12142]: Failed password for root from ::ffff:221.162.104.14 port 1635 ssh2
Dec 5 08:22:43 localhost sshd[12144]: Failed password for root from ::ffff:221.162.104.14 port 1780 ssh2
Dec 5 08:22:45 localhost sshd[12146]: Illegal user rolo from ::ffff:221.162.104.14
Dec 5 08:22:48 localhost sshd[12146]: Failed password for illegal user rolo from ::ffff:221.162.104.14 port 1902 ssh2
Dec 5 08:22:50 localhost sshd[12148]: Illegal user iceuser from ::ffff:221.162.104.14
Dec 5 08:22:52 localhost sshd[12148]: Failed password for illegal user iceuser from ::ffff:221.162.104.14 port 2042 ssh2
Dec 5 08:22:55 localhost sshd[12150]: Illegal user horde from ::ffff:221.162.104.14
Dec 5 08:22:57 localhost sshd[12150]: Failed password for illegal user horde from ::ffff:221.162.104.14 port 2182 ssh2
Dec 5 08:22:59 localhost sshd[12152]: Illegal user cyrus from ::ffff:221.162.104.14
Dec 5 08:23:02 localhost sshd[12152]: Failed password for illegal user cyrus from ::ffff:221.162.104.14 port 2322 ssh2
Dec 5 08:23:04 localhost sshd[12154]: Illegal user www from ::ffff:221.162.104.14
Dec 5 08:23:06 localhost sshd[12154]: Failed password for illegal user www from ::ffff:221.162.104.14 port 2447 ssh2
Dec 5 08:23:09 localhost sshd[12156]: Illegal user wwwrun from ::ffff:221.162.104.14

#2 | 12-09-2004 | rogier77 (Registered User)
not sure but:

I've been reading about Linux security lately, and I believe you might be able to use the standard Linux firewall (ipchains? / iptables?) to allow access to certain ports from certain IP addresses and deny all others. If you're worried, deny all for now and allow some other things once you're familiar with the material.
I'm sorry, I'm not able to help you more...

#3 | 12-09-2004 | zazzybob (Registered Geek, Forum Advisor)
Even though it's not a fix in the short term, you might also want to report this clown (dates/times/IP address/log output) to
ip@ns.kornet.net

It would appear that the IP is assigned by KORNET (Korea).

EDIT: If you want to quickly get iptables/ipchains up and running (and are using KDE - might have to install it from RPM using Fedora as Gnome is standard - should be on distro media, if not yum for it) try GuardDog.

Hope you put a stop to it quickly - there are some mindless individuals out there. Good luck

Cheers
ZB
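
The rule asked for in the first post (refuse a source after a certain number of failed logins), as an added example that is not part of the thread: it counts `Failed password` lines per source in a sliding window and reports which sources cross the threshold, so the result can feed a firewall deny list. The threshold, window, function names and sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "Failed password" lines in the sshd format quoted in the first post. The user
# name is remote-supplied text, so the source is taken from the END of the line.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\sFailed password for "
    r"(?:illegal user )?(?P<user>.+) from (?P<src>\S+) port \d+ ssh2$"
)

def normalize(src):
    """Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so one host gets one key."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:          # sshd logged a host name instead of an address
        return src
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def offenders(lines, threshold=5, window=timedelta(minutes=1), year=2004):
    """Map each source to the time its failed logins first reached `threshold`
    within `window`. syslog timestamps carry no year, so `year` is assumed."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = normalize(m["src"])
        q = recent[src]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(src, when)
    return flagged

# Constructed sample in the same format (documentation addresses, not real hosts).
SAMPLE = """\
Dec  5 08:22:09 localhost sshd[101]: Failed password for nobody from ::ffff:203.0.113.5 port 4760 ssh2
Dec  5 08:22:12 localhost sshd[102]: Illegal user patrick from ::ffff:203.0.113.5
Dec  5 08:22:14 localhost sshd[102]: Failed password for illegal user patrick from ::ffff:203.0.113.5 port 4925 ssh2
Dec  5 08:22:24 localhost sshd[103]: Failed password for root from ::ffff:203.0.113.5 port 1236 ssh2
Dec  5 08:22:28 localhost sshd[104]: Failed password for root from ::ffff:203.0.113.5 port 1368 ssh2
Dec  5 08:22:33 localhost sshd[105]: Failed password for root from ::ffff:203.0.113.5 port 1509 ssh2
Dec  5 09:10:00 localhost sshd[106]: Failed password for alice from ::ffff:198.51.100.7 port 2201 ssh2
""".splitlines()
```

With the defaults, `offenders(SAMPLE)` flags only 203.0.113.5, at the fifth failure; the single mistyped password from 198.51.100.7 stays below the threshold.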