
[cobalt-security] Re: SSH



> From: "Terrance Dwyer" <td@xxxxxxxx>
> Date: Wed, 7 Nov 2001 23:40:38 -0800
> Subject: [cobalt-security] SSH
>
> Can anyone enlighten me as to the meaning of the following log messages?
> I'm seeing them with increasing frequency and can't seem to find info
> elsewhere.

Judging by those entries, someone is trying to brute-force their way into
your system by username/password guesses.  Is the hostname this is coming
from always the same?  If so, and you have a firewall or are running
tcpwrappers, block ssh from that host or network (network would be better,
that way if the "hacker" switches IPs you're still covered).  In the
meantime make sure you don't have unnecessary user accounts on your system
and that your passwords don't suck (esp. the admin/root passwords).

You can also use the 'last' command to see who has successfully logged in
recently, just to make sure this person hasn't yet.

- Ralph
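
The check described in the reply above (is the source always the same, and which network to block), as an added example that is not part of the original message. The log lines are constructed in OpenSSH's "Failed password" syslog format, and the /24 grouping and the threshold of 3 are assumptions; it groups failures by source network and prints tcpwrappers `hosts.deny` rules for the noisy ones.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample lines (not from the original post); addresses are
# taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Nov  7 22:01:10 www sshd[4101]: Failed password for root from 192.0.2.14 port 1040 ssh2
Nov  7 22:01:13 www sshd[4103]: Failed password for admin from 192.0.2.14 port 1041 ssh2
Nov  7 22:01:17 www sshd[4105]: Failed password for invalid user test from 192.0.2.77 port 2210 ssh2
Nov  7 22:01:21 www sshd[4107]: Failed password for root from 192.0.2.77 port 2211 ssh2
Nov  7 22:05:40 www sshd[4120]: Accepted password for admin from 198.51.100.5 port 3000 ssh2
Nov  7 22:09:02 www sshd[4131]: Failed password for admin from 198.51.100.5 port 3007 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) "
    r"from (\d+\.\d+\.\d+\.\d+)")

def failed_by_network(log_text, prefix_len=24):
    """Count failed logins per source network and collect usernames tried."""
    counts, users = Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        user, addr = m.groups()
        try:
            net = ip_network(f"{addr}/{prefix_len}", strict=False)
        except ValueError:
            continue  # malformed address in the log line
        counts[net] += 1
        users.setdefault(net, set()).add(user)
    return counts, users

def hosts_deny_lines(counts, threshold=3):
    """tcpwrappers rules (net/mask form) for networks at or over threshold."""
    return [f"sshd: {net.network_address}/{net.netmask}"
            for net, n in sorted(counts.items()) if n >= threshold]

if __name__ == "__main__":
    counts, users = failed_by_network(SAMPLE_LOG)
    for net, n in counts.most_common():
        print(f"{n:3d} failures from {net}  users tried: {sorted(users[net])}")
    print("\n".join(hosts_deny_lines(counts)))
```

The single failure from 198.51.100.5 stays under the threshold, so an account holder who mistyped a password once is not blocked along with the guessing source.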