On Fri, Oct 28, 2005 at 11:34:35AM +0800, Ronald Wiplinger wrote:
I am always amazed how fast hacker attempts are on a newly installed machine.
I'm not.
I install the machine, plug in the Ethernet cable and within 1 hour I see messages, like:
sshd: Invalid user ftpd from 61.243.232.22
SSHd is blocked by default on SUSE.... Why are you running it? My guess.... You shut off the firewall or told it to allow SSH?..... The firewall is on by default now, and you can update before the machine is even fully booted... You really should give more info than this. It sounds like you turned off the firewall, or told it to allow SSH, and for some reason someone found your IP, which is weird, do you run a server?
or a combination of:
sshd: Invalid user guest from 210.117.180.111
sshd: Address 210.117.180.111 maps to dalmuri.chonbuk.ac.kr, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
What is the difference between these two attacks?
Someone on that 210 IP is trying to log in as "guest" and like a drooling half wit doesn't realise Windows is one of like.... OK Windows actually has a guest account, and that Linux doesn't, and that Windows doesn't have an SSHd..... Wow this dude is dumb. Do a whois on the IP, mail abuse with your logs.
Most annoying is now that the Ethernet port reports into /var/log/messages:
kernel: eth0: link down
kernel: eth0: link up
kernel: eth0: link down
(up to down in the same second, two seconds later up again, ......)
I have tried to use another IP address, but it stays the same. What can I do now? Only unplugging the cable stops it.
(and yes, I agree that hacker attempts should be jailed, ... hehehehe - or like I read once, they should be hung up on their balls -- or whatever!)
Yea, you don't want hackers running around creating Linux, BSD, and TCP/IP so you can bitch about them over it ...
bye
Ronald Wiplinger
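Added example, not part of the original thread: "Invalid user" records a login attempt for an account that does not exist, while the "maps to ... does not map back" line is sshd reporting that the client's reverse DNS name does not resolve back to its IP. The Python sketch below groups both message types by source address, which is the evidence an abuse report needs. The sample log is constructed from the formats quoted in the thread, and the function names and attempt threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample using the message formats quoted in the thread.
SAMPLE_LOG = """\
sshd: Invalid user ftpd from 61.243.232.22
sshd: Invalid user guest from 210.117.180.111
sshd: Address 210.117.180.111 maps to dalmuri.chonbuk.ac.kr, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
sshd: Invalid user admin from 210.117.180.111
kernel: eth0: link down
"""

# Login attempt for an account that does not exist on this host.
INVALID_USER = re.compile(
    r"sshd(?:\[\d+\])?: Invalid user (?P<user>\S+) from (?P<ip>\S+)"
)
# Reverse DNS check failed: the PTR name of the client IP does not
# resolve back to that IP. It is a DNS finding, not a second attack type.
PTR_MISMATCH = re.compile(
    r"sshd(?:\[\d+\])?: Address (?P<ip>\S+) maps to (?P<host>[^\s,]+), "
    r"but this does not map back to the address"
)

def summarize(log_text):
    """Group sshd probe messages by source IP (hypothetical helper)."""
    hosts = defaultdict(lambda: {"users": [], "ptr_mismatch": None})
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if m:
            hosts[m["ip"]]["users"].append(m["user"])
            continue
        m = PTR_MISMATCH.search(line)
        if m:
            hosts[m["ip"]]["ptr_mismatch"] = m["host"]
    return dict(hosts)

def report(summary, min_attempts=2):
    """Return source IPs to include in an abuse report (threshold assumed)."""
    return [
        ip for ip, info in sorted(summary.items())
        if len(info["users"]) >= min_attempts or info["ptr_mismatch"]
    ]

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for ip, info in s.items():
        print(ip, info["users"], "PTR mismatch:", info["ptr_mismatch"])
    print("flagged:", report(s))
```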