From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1FnIq3-0006iQ-0d for garchives@archives.gentoo.org; Mon, 05 Jun 2006 17:26:03 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k55HN1i5013052; Mon, 5 Jun 2006 17:23:01 GMT Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.195]) by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k55HBr2h003975 for ; Mon, 5 Jun 2006 17:12:16 GMT Received: by nz-out-0102.google.com with SMTP id z3so1009814nzf for ; Mon, 05 Jun 2006 10:12:16 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=SzMDpIcRtekr8vnAbZoC53Cu4BC3Nd0yM0CNDIxOiJLWZ5hwYD++hYAYV//bskfvcmyOOW7Pv5kegpI+jb3qCoJArgX09etSE9CBzNwoq/IGVpFBVLDDIJEhhiJhIiqqVqteByBfTRL/KOUi2ExfCshFNbDej5PnalyEp/xecOA= Received: by 10.36.37.12 with SMTP id k12mr6646408nzk; Mon, 05 Jun 2006 10:12:16 -0700 (PDT) Received: by 10.37.20.28 with HTTP; Mon, 5 Jun 2006 10:12:16 -0700 (PDT) Message-ID: <5bc4c4570606051012y5b12fee2g63c1f657f0f35978@mail.gmail.com> Date: Mon, 5 Jun 2006 14:12:16 -0300 From: "Leandro Melo de Sales" To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] SSH authentication attempts - serious issue In-Reply-To: <5bc4c4570606051011x50bb6437o61fc4f514f057049@mail.gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <5bc4c4570606050806w6497ae95x6164274b3cc33b3e@mail.gmail.com> <1149525108.20102.43.camel@sysconcept.ca> <5bc4c4570606051011x50bb6437o61fc4f514f057049@mail.gmail.com> X-Archives-Salt: fb218b08-b172-41f9-ae6d-2ffb1f2552db X-Archives-Hash: d82d673f40f846cfd0247efc10eec63b 2006/6/5, Leandro Melo de Sales : > Yes, but how can I do it? > > 2006/6/5, Joseph : > > Try port knocking. It is very effective. > > Your ssh port will be closed until you successfully hit certain number > > of ports and even though the ssh port will be open only to the IP > > address that successfully opened the port all others will see ssh port > > as closed. > > > > -- > > #Joseph > > > > On Mon, 2006-06-05 at 12:06 -0300, Leandro Melo de Sales wrote: > > > Hi, > > > > > > today when I was checking the server log I got many external > > > attempts to connect to my sshd service: > > > > > > ... > > > Jun 5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z > > > Jun 5 05:09:46 embedded sshd[4742]: Invalid user barb from x.y.w.z > > > Jun 5 05:09:48 embedded sshd[4744]: Invalid user barbie from x.y.w.z > > > Jun 5 05:09:50 embedded sshd[4746]: Invalid user barbra from x.y.w.z > > > Jun 5 05:09:51 embedded sshd[4748]: Invalid user barman from x.y.w.z > > > Jun 5 05:09:53 embedded sshd[4750]: Invalid user barney from x.y.w.z > > > ... > > > > -- > > gentoo-user@gentoo.org mailing list > > > > I mean, setup it! -- gentoo-user@gentoo.org mailing list