intrusion detected

Matt Patterson matt at v8zman.com
Tue Aug 9 13:10:58 UTC 2005


I should have thought of that. I do have a separate firewall and port 22 
is the only one open to the outside world, but I have noticed a lot of 
interest in that port from my auth log. I have thought about changing 
ports but haven't bothered because I use a good password on the only real 
username, root is disabled through ssh, and no other username is allowed 
an interactive login.

Thanks for the idea,
Matt


djmadkins wrote:

>For your specific ssh problem I have found a very good solution if you
>need to access SSH over the internet.
>
>I like to play with my home PC from work (which is boring) by
>connecting to my second display using vnc over ssh (putty) and
>publickey authentication, this way I can run my desktop at a
>surprisingly good speed. Even with this I still get "leEt Hax0Rs"
>trying to get into my ssh port. The solution:
>
>I use DenyHosts to scan my auth.log file every 5 minutes via cron. If
>it detects 5 incorrect login attempts from an IP it adds an SSH deny
>entry to hosts.deny which prevents that IP from connecting at all (via
>ssh). If I was paranoid I could have it issue a deny ALL instead of
>just ssh.
>
>The program is very configurable and can notify you (either via email
>or output to a file of your choosing).
>
>Google DenyHosts for more information. This is a Python script if you're
>familiar with that.
>
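
A sketch of the approach described in the quoted message (count failed sshd logins per source IP in auth.log and emit a hosts.deny entry at 5 failures), added here as an example; it is not DenyHosts' own code and not from either poster. The log lines are constructed, and the function names and the `allowlist` and `already_denied` parameters are assumptions.

```python
import re
from collections import Counter

# sshd failure line, e.g.
#   "... sshd[4102]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2"
# Greedy ".*" plus the end-of-line anchor means the address is always the one
# sshd wrote last, so text inside an attempted username cannot supply it.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

def failed_logins(lines):
    """Count failed sshd authentication attempts per source IP."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group(1)] += 1
    return counts

def deny_entries(lines, threshold=5, service="sshd", already_denied=(), allowlist=()):
    """Return hosts.deny lines ("sshd: IP") for IPs at or over the threshold.

    already_denied: IPs already in hosts.deny, skipped to avoid duplicates.
    allowlist: IPs never to block (hypothetical parameter), e.g. your office.
    """
    skip = set(already_denied) | set(allowlist)
    counts = failed_logins(lines)
    return [f"{service}: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in skip]

# Constructed sample log; addresses are from the documentation ranges.
SAMPLE = [
    f"Aug  9 03:1{i}:02 home sshd[41{i}2]: Failed password for "
    f"{'invalid user ' if i % 2 else ''}{user} from 203.0.113.7 port 40{i}1 ssh2"
    for i, user in enumerate(["root", "admin", "test", "guest", "oracle"])
] + [
    "Aug  9 08:00:11 home sshd[5001]: Failed password for matt from 198.51.100.20 port 5122 ssh2",
    "Aug  9 08:00:19 home sshd[5001]: Accepted publickey for matt from 198.51.100.20 port 5122 ssh2",
    "Aug  9 08:05:40 home sshd[5100]: Failed password for root from 192.0.2.99 port 3990 ssh2",
]

if __name__ == "__main__":
    for entry in deny_entries(SAMPLE):
        print(entry)  # "sshd: 203.0.113.7"; service="ALL" gives the deny-ALL form
```

Putting the address you normally connect from in `allowlist` keeps a run of your own mistyped passwords from locking you out.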





More information about the ubuntu-users mailing list