From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1FnJYC-0007mV-PK for garchives@archives.gentoo.org; Mon, 05 Jun 2006 18:11:41 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k55I7rLc015817; Mon, 5 Jun 2006 18:07:53 GMT Received: from slimak.dkm.cz (smtp.dkm.cz [62.24.64.29]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k55HsGig002056 for ; Mon, 5 Jun 2006 17:54:17 GMT Received: (qmail 96651 invoked by uid 0); 5 Jun 2006 17:54:16 -0000 Received: from r5cu148.chello.upc.cz (HELO ?192.168.0.103?) (86.49.110.148) by smtp.dkm.cz with SMTP; 5 Jun 2006 17:54:16 -0000 From: Petr Uzel To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] SSH authentication attempts - serious issue Date: Mon, 5 Jun 2006 19:54:05 +0200 User-Agent: KMail/1.9.1 References: <5bc4c4570606050806w6497ae95x6164274b3cc33b3e@mail.gmail.com> <5bc4c4570606051011x50bb6437o61fc4f514f057049@mail.gmail.com> <5bc4c4570606051012y5b12fee2g63c1f657f0f35978@mail.gmail.com> In-Reply-To: <5bc4c4570606051012y5b12fee2g63c1f657f0f35978@mail.gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart127757031.N9hZKMPxVE"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200606051954.16051.petr.uzel@centrum.cz> X-Archives-Salt: 87339654-de5b-4539-9377-3693393ea7ec X-Archives-Hash: eacb5a095ebf5f004f8960bce8396df8 --nextPart127757031.N9hZKMPxVE Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Dne pond=ECl=ED 05 =E8erven 2006 19:12 Leandro Melo de Sales napsal(a): > 2006/6/5, Leandro Melo de Sales : > > Yes, but how can I do it? > > > > 2006/6/5, Joseph : > > > Try port knocking. It is very effective. > > > Your ssh port will be closed until you successfully hit certain number > > > of ports and even though the ssh port will be open only to the IP > > > address that successfully opened the port all others will see ssh port > > > as closed. > > > > > > -- > > > #Joseph > > > > > > On Mon, 2006-06-05 at 12:06 -0300, Leandro Melo de Sales wrote: > > > > Hi, > > > > > > > > today when I was checking the server log I got many external > > > > attempts to connect to my sshd service: > > > > > > > > ... > > > > Jun 5 05:09:45 embedded sshd[4740]: Invalid user barbara from > > > > x.y.w.z Jun 5 05:09:46 embedded sshd[4742]: Invalid user barb from > > > > x.y.w.z Jun 5 05:09:48 embedded sshd[4744]: Invalid user barbie fr= om > > > > x.y.w.z Jun 5 05:09:50 embedded sshd[4746]: Invalid user barbra fr= om > > > > x.y.w.z Jun 5 05:09:51 embedded sshd[4748]: Invalid user barman fr= om > > > > x.y.w.z Jun 5 05:09:53 embedded sshd[4750]: Invalid user barney fr= om > > > > x.y.w.z ... > > > > > > -- > > > gentoo-user@gentoo.org mailing list > > I mean, setup it! Hi, this should help you : http://gentoo-wiki.com/HOWTO_Port_Knocking Works well Petr --nextPart127757031.N9hZKMPxVE Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQBEhG/HnZxG0T6qDD0RAoymAJ9VwwgKMn9/AO572PvddAuTMtGV0wCdFRB/ GgXUdVNlMjV49hKkbyzUnRQ= =AybG -----END PGP SIGNATURE----- --nextPart127757031.N9hZKMPxVE-- -- gentoo-user@gentoo.org mailing list