From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user-return-95093-arch-gentoo-user=gentoo.org@lists.gentoo.org>
Received: (qmail 21259 invoked from network); 6 Dec 2004 21:45:41 +0000
Received: from smtp.gentoo.org (156.56.111.197)
  by lists.gentoo.org with AES256-SHA encrypted SMTP; 6 Dec 2004 21:45:41 +0000
Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org)
	by smtp.gentoo.org with esmtp (Exim 4.41)
	id 1CbQft-0005Km-HM
	for arch-gentoo-user@lists.gentoo.org; Mon, 06 Dec 2004 21:45:41 +0000
Received: (qmail 2224 invoked by uid 89); 6 Dec 2004 21:45:24 +0000
Mailing-List: contact gentoo-user-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-user@gentoo.org>
List-Help: <mailto:gentoo-user-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
Reply-To: gentoo-user@lists.gentoo.org
X-BeenThere: gentoo-user@gentoo.org
Received: (qmail 24901 invoked from network); 6 Dec 2004 21:45:24 +0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references;
        b=jjqvnvH50YqdGz/uSoXhn0iEjz9Ni17hAOdtHG18QOuAeDmXg8yNokXdSvfTa+xgD2z93QPlDzoRzXHBxoVykzvLHC+3wajq5Ht2zRDHXEBoYqZ5G1Jqr3lf33W0K33pLEck7Ga/AHdVgfy1GReK+BKI9+woHn0rGo4YuMY5Lx4=
Message-ID: <8f5ca221041206134439f9f054@mail.gmail.com>
Date: Mon, 6 Dec 2004 13:44:23 -0800
From: Mike <kyphros@gmail.com>
Reply-To: Mike <kyphros@gmail.com>
To: gentoo-user@lists.gentoo.org
In-Reply-To: <200412062012.23591.mailing-gentoo@sailorferris.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References: <200412062012.23591.mailing-gentoo@sailorferris.com>
Subject: Re: [gentoo-user] Brutal force attack
X-Archives-Salt: 6e2f485b-0c92-419b-b8b4-2e6e7a7c4abc
X-Archives-Hash: f43c08ad5051d60b37456037da46b88f

On Mon, 6 Dec 2004 20:12:19 +0100, Luigi Pinna
<mailing-gentoo@sailorferris.com> wrote:
> I read now from my logs that there is someone who try to login in my
> computer.
> He uses always dynamic ip address or in every case he changes his ip
> everyday.
> What can I do?
> I have all the ip but it is first time that I see an attack versus me
> Thanks for the tips
> Luigi

If they are trying to login via ssh, and you don't need remote ssh
access, turn off sshd. If you do need remote access, see if you can
limit the allowed addresses. At home, I have sshd configured to only
allow access from work, which is reasonably expected to be me.

Mike

--
gentoo-user@gentoo.org mailing list