August 12th, 2004, 3:01 AM
nokiaxv2
Linux Security References

Found this while browsing LinuxQuestions.org's forum:

Quote:
SSH login attempts ( post #1)

There appears to be some form of automated malware circulating around the internet in the last 2 weeks. It attempts sshd logins using simple username-password combinations. A sample scan looks like:

Jul 19 21:04:33 server sshd[28379]: Illegal user test from XXX.XXX.XXX.XXX
Jul 19 21:04:34 server sshd[28381]: Illegal user guest from XXX.XXX.XXX.XXX
Jul 19 21:04:36 server sshd[28383]: Illegal user admin from XXX.XXX.XXX.XXX
Jul 19 21:04:37 server sshd[28385]: Illegal user admin from XXX.XXX.XXX.XXX
Jul 19 21:04:38 server sshd[28387]: Illegal user user from XXX.XXX.XXX.XXX

Several reports indicate that the malicious code is a scanner designed to identify systems with weak username/passwords. Once a weak system is identified, its IP address is appended to a list for manual exploitation later on. However, the possibility of an unknown exploit has not been ruled out.

All Linux users are recommended to implement a sensible username and password policy in order to avoid being compromised by this tool. An example of a sensible policy would be at least the use of non-dictionary, alpha-numeric+punctuation characters. Restricting sshd access to only those systems necessary will further reduce the possibility of compromise. Access restriction can be done using iptables or tcp_wrappers (hosts.allow/deny).

Further information about this tool and failed sshd logins can be found here:
http://lists.netsys.com/pipermail/f...uly/024612.html
http://dev.gentoo.org/~krispykringle/sshnotes.txt
http://isc.sans.org/diary.php?date=2004-08-04
I definitely believe if you're running your own dedicated server, you should subscribe to some sort of newsletter or newsgroup concerning Linux Security Administration. I, unfortunately, am guilty of having NOT subscribed to one, but I'll change that in the near future. When I find some good groups or lists, I’ll post them up for everyone to check out.

Interesting Linux Security Oriented Links
LinuxQuestions.org -- http://www.linuxquestions.org/questi...threadid=45261
Distributed Intrusion Detection System -- http://www.dshield.org/
Denial of Service Attacks -- http://www.cert.org/tech_tips/denial_of_service.html
Basics, important sites, HOWTO's, handbooks, hardening, tips
__________________
-( NokiaX )-


http://www.eclipse-business.com
Saprus
Dedicated

This made me "LoL"
"Unleashedgamers (5:39:21 AM): where you a script kiddie?"

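An added example, not part of the original post or the quoted LinuxQuestions text: a small Python check that reads sshd log lines in the format quoted above, flags any source that makes several unknown-user attempts within a short window, and prints candidate hosts.deny entries for review. The function names, the threshold, the window and the sample addresses are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the quoted format; the addresses are documentation ranges.
SAMPLE_LOG = """\
Jul 19 21:04:33 server sshd[28379]: Illegal user test from 192.0.2.10
Jul 19 21:04:34 server sshd[28381]: Illegal user guest from 192.0.2.10
Jul 19 21:04:36 server sshd[28383]: Illegal user admin from 192.0.2.10
Jul 19 21:04:37 server sshd[28385]: Illegal user admin from 192.0.2.10
Jul 19 21:04:38 server sshd[28387]: Illegal user user from 192.0.2.10
Jul 19 22:15:02 server sshd[28501]: Illegal user bob from 198.51.100.7
Jul 20 09:40:11 server sshd[29010]: Illegal user bob from 198.51.100.7
Jul 20 09:41:00 server sshd[29012]: Accepted password for alice from 198.51.100.7 port 4022 ssh2
"""

# The quoted log says "Illegal user"; newer OpenSSH releases write "Invalid user".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?:Illegal|Invalid) user (?P<user>\S+) from (?P<ip>\S+)")

def find_scanners(log_text, threshold=5, window=timedelta(seconds=60), year=2004):
    """Map each source with >= threshold unknown-user attempts inside any
    `window`-long span to the sorted set of usernames it tried."""
    events = defaultdict(list)  # ip -> [(timestamp, username)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window's left edge forward
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in hits})
                break
    return flagged

def hosts_deny_lines(flagged):
    """Candidate tcp_wrappers entries (hosts.deny) for review, one per source."""
    return [f"sshd: {ip}" for ip in sorted(flagged)]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(find_scanners(SAMPLE_LOG))))
```

The two widely spaced attempts from 198.51.100.7 stay below the default threshold, so only the rapid five-attempt source is flagged.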