I this host ssh'ed to one of my systems
* James Knott
Try again in a comprehendible form.
a _little_ knowledge is a *dangerous* thing! -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
On Sat, Nov 19, 2005 at 07:37:18AM -0500, James Knott wrote:
Steven T. Hatton wrote:
ns.suya.gr.jp without my permission.
Try again in a comprehendible form.
Lol, nice one. You made fun of his and spelled that wrong ;) -Allen.
Allen wrote:
On Sat, Nov 19, 2005 at 07:37:18AM -0500, James Knott wrote:
Steven T. Hatton wrote:
ns.suya.gr.jp without my permission.
Try again in a comprehendible form.
Lol, nice one. You made fun of his and spelled that wrong ;)
Ummm... That's the way Merriam-Webster spells it. "com·pre·hend·ible" "Main Entry: com·pre·hend Pronunciation: "käm-pri-'hend Function: transitive verb Etymology: Middle English, from Latin comprehendere, from com- + prehendere to grasp -- more at GET 1 : to grasp the nature, significance, or meaning of"
James Knott wrote:
Allen wrote:
On Sat, Nov 19, 2005 at 07:37:18AM -0500, James Knott wrote:
Steven T. Hatton wrote:
ns.suya.gr.jp without my permission.
Try again in a comprehendible form.
Lol, nice one. You made fun of his and spelled that wrong ;)
Ummm... That's the way Merriam-Webster spells it.
"com·pre·hend·ible"
This is incredibly OT, but the word is comprehensible, as far as I know there is no such word as comprehendible
* Anders Johansson
This is incredibly OT, but the word is comprehensible, as far as I know there is no such word as comprehendible
Thread moved to suse-ot@suse.com, answer is there./ -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
On 11/20/05, Anders Johansson
James Knott wrote:
Allen wrote:
On Sat, Nov 19, 2005 at 07:37:18AM -0500, James Knott wrote:
Steven T. Hatton wrote:
ns.suya.gr.jp without my permission.
Try again in a comprehendible form.
Lol, nice one. You made fun of his and spelled that wrong ;)
Ummm... That's the way Merriam-Webster spells it.
"com·pre·hend·ible"
This is incredibly OT, but the word is comprehensible, as far as I know there is no such word as comprehendible
Although English is not my mother tongue, the word comprehendible
translates to the German "verständlich" or "deutlich". This is what
dictionary.reference.com
(http://dictionary.reference.com/search?q=comprehendible&db=*) says:
com·pre·hend
Pronunciation Key (kmpr-hnd)
tr.v. com·pre·hend·ed, com·pre·hend·ing, com·pre·hends
1. To take in the meaning, nature, or importance of; grasp. See
Synonyms at apprehend.
2. To take in as a part; include. See Synonyms at include.
[Middle English comprehenden, from Latin comprehendere : com-, com- +
prehendere, to grasp; see ghend- in Indo-European Roots.]
compre·hendi·ble adj.
compre·hending·ly adv.
And now back to discussion. What is it about the unauthorized SSH
connection attempts?
\Steve
--
Steve Graegert
Steve Graegert wrote:
Although English is not my mother tongue, the word comprehendible translates to the German "verständlich" or "deutlich". This is what dictionary.reference.com (http://dictionary.reference.com/search?q=comprehendible&db=*) says:
com·pre·hend Pronunciation Key (kmpr-hnd) tr.v. com·pre·hend·ed, com·pre·hend·ing, com·pre·hends
1. To take in the meaning, nature, or importance of; grasp. See Synonyms at apprehend. 2. To take in as a part; include. See Synonyms at include.
[Middle English comprehenden, from Latin comprehendere : com-, com- + prehendere, to grasp; see ghend- in Indo-European Roots.]
compre·hendi·ble adj. compre·hending·ly adv.
I stand corrected, it exists. But that doesn't mean it should be used (which, in my humble opinion, it shouldn't)
And now back to discussion. What is it about the unauthorized SSH connection attempts?
Nothing. People trying, people scanning, it's just life on the internet. Don't use weak passwords, and make sure you keep up to date with security patching. Then again, with the complete lack of information in the original mail, for all we know it could be someone trying to log on to a machine he is authorised to use and simply mistyped the IP address. I've done that many times
On 11/20/05, Anders Johansson
Steve Graegert wrote:
Although English is not my mother tongue, the word comprehendible translates to the German "verständlich" or "deutlich". This is what dictionary.reference.com (http://dictionary.reference.com/search?q=comprehendible&db=*) says:
com·pre·hend Pronunciation Key (kmpr-hnd) tr.v. com·pre·hend·ed, com·pre·hend·ing, com·pre·hends
1. To take in the meaning, nature, or importance of; grasp. See Synonyms at apprehend. 2. To take in as a part; include. See Synonyms at include.
[Middle English comprehenden, from Latin comprehendere : com-, com- + prehendere, to grasp; see ghend- in Indo-European Roots.]
compre·hendi·ble adj. compre·hending·ly adv.
I stand corrected, it exists. But that doesn't mean it should be used (which, in my humble opinion, it shouldn't)
And now back to discussion. What is it about the unauthorized SSH connection attempts?
Nothing. People trying, people scanning, it's just life on the internet. Don't use weak passwords, and make sure you keep up to date with security patching
I am completely aware of it. Most of the connection attempts we are observing are requests to our mail services trying to relay mail. Port scans are logged and traced down if possible. Not surprisingly is that most scans are performed by zombies or even an army of zombies running some probably hacked Windows. This situation got worse over the years and there are no indications of an improvement in the future. BTW: we have set up some honeypots in the DMZ just out of curiosity. It's extremely interesting to watch how various attacks are taken out.
Then again, with the complete lack of information in the original mail, for all we know it could be someone trying to log on to a machine he is authorised to use and simply mistyped the IP address. I've done that many times
I actually hoped to read an answer from the OP providing some details
to give practical advice if desired.
\Steve
--
Steve Graegert
On Saturday 19 November 2005 06:40 pm, Anders Johansson wrote:
Then again, with the complete lack of information in the original mail, for all we know it could be someone trying to log on to a machine he is authorised to use and simply mistyped the IP address. I've done that many times
No. This person was up to something more devious. There was an established connection and data being transferred. I do wish KSnuffle were still alive. I would have been able to get a lot more information quickly. When you're dealing with issues in real time, reading the manpage on tcpdump is not an option. I didn't feel like leaving the connection established while I researched how to extract details about it. Steven
Steven T. Hatton wrote:
On Saturday 19 November 2005 06:40 pm, Anders Johansson wrote:
Then again, with the complete lack of information in the original mail, for all we know it could be someone trying to log on to a machine he is authorised to use and simply mistyped the IP address. I've done that many times
No. This person was up to something more devious. There was an established connection and data being transferred. I do wish KSnuffle were still alive. I would have been able to get a lot more information quickly. When you're dealing with issues in real time, reading the manpage on tcpdump is not an option. I didn't feel like leaving the connection established while I researched how to extract details about it.
You still provide us with an astonishing lack of information. How did you determine data was being transferred without using tcpdump or similar? Were you guessing? Please, tell us how you determined this person logged in, and what exactly happened
Steven T. Hatton wrote:
On Sunday 20 November 2005 08:05 am, Anders Johansson wrote:
You still provide us with an astonishing lack of information.
I'm not sure why you find that "astonishing".
Your claim that your box got cracked while you refuse to provide any sort of indication of what makes you think so. Are you just spreading FUD?
On Sunday 20 November 2005 08:57 am, Anders Johansson wrote:
Steven T. Hatton wrote:
On Sunday 20 November 2005 08:05 am, Anders Johansson wrote:
You still provide us with an astonishing lack of information.
I'm not sure why you find that "astonishing".
Your claim that your box got cracked while you refuse to provide any sort of indication of what makes you think so
Are you just spreading FUD?
Anders, Please keep this off the list. I did a netstat and saw only one connection. The harddrive was being accessed, and there was a lot of traffic going over the external network connection. Steven
On Sunday 20 November 2005 09:54 am, Steven T. Hatton wrote:
On Sunday 20 November 2005 08:57 am, Anders Johansson wrote:
Steven T. Hatton wrote:
On Sunday 20 November 2005 08:05 am, Anders Johansson wrote:
You still provide us with an astonishing lack of information.
I'm not sure why you find that "astonishing".
Your claim that your box got cracked while you refuse to provide any sort of indication of what makes you think so
Are you just spreading FUD?
Anders,
Please keep this off the list. I did a netstat and saw only one connection. The harddrive was being accessed, and there was a lot of traffic going over the external network connection.
Steven
So much for relying on the list server to be properly configured. Next time I will check when I hit reply to be sure it goes where it's supposed to.
* Steven T. Hatton
So much for relying on the list server to be properly configured.
Well, back to the _blame_ game. The list server is _properly_ configured. You apparently will not, or cannot properly control or configure your email client.
Next time I will check when I hit reply to be sure it goes where it's supposed to.
Ah, there it is, loss of control of object in front of key board! -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
On 11/20/05, Patrick Shanahan
* Steven T. Hatton
[11-20-05 11:28]: So much for relying on the list server to be properly configured.
Well, back to the _blame_ game. The list server is _properly_ configured. You apparently will not, or cannot properly control or configure your email client.
Next time I will check when I hit reply to be sure it goes where it's supposed to.
Ah, there it is, loss of control of object in front of key board!
A PEBKAC?
\Steve
--
Steve Graegert
* Steve Graegert
A PEBKAC?
izzakly -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
On Sunday 20 November 2005 01:23 pm, Patrick Shanahan wrote:
* Steven T. Hatton
[11-20-05 11:28]: So much for relying on the list server to be properly configured.
Well, back to the _blame_ game. The list server is _properly_ configured. You apparently will not, or cannot properly control or configure your email client.
Next time I will check when I hit reply to be sure it goes where it's supposed to.
Ah, there it is, loss of control of object in front of key board! -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
I see. They've dumbed it down for people who couldn't figure out how to do a reply to list, without also filling the previous poster's inbox with an additional copy.
On Sun, 20 Nov 2005 13:23:59 -0500, Patrick Shanahan wrote:
The list server is _properly_ configured.
Well, seems that properly has more than one definition :) I at least think that automatically setting Reply-To: to the list is the wrong thing to do. One of the reasons being that I can't easily direct a mail to the list or to the one who wrote it. Philipp
On Sun, 2005-11-20 at 21:27 +0100, Philipp Thomas wrote:
On Sun, 20 Nov 2005 13:23:59 -0500, Patrick Shanahan wrote:
The list server is _properly_ configured.
Well, seems that properly has more than one definition :) I at least think that automatically setting Reply-To: to the list is the wrong thing to do. One of the reasons being that I can't easily direct a mail to the list or to the one who wrote it.
Philipp
I agree and will change my practice on this list when everyone learns how to properly reply to the list. Until that happens I will continue to use the Reply-To: set to the list address. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
On Sun, 20 Nov 2005 16:04:15 -0500, Ken Schneider wrote:
Until that happens I will continue to use the Reply-To: set to the list address.
There's a big difference between you doing it for your mails or the server doing it for all mails. I think that changing the From address to an illegal one is the better way. This works perfectly, as the list server only checks the envelope From. Philipp
On Monday 21 November 2005 03:40 am, Philipp Thomas wrote:
On Sun, 20 Nov 2005 16:04:15 -0500, Ken Schneider wrote:
Until that happens I will continue to use the Reply-To: set to the list address.
There's a big difference between you doing it for your mails or the server doing it for all mails.
I think that changing the From address to an illegal one is the better way. This works perfectly, as the list server only checks the envelope From.
Philipp
To be quite honest, I'm not sure what changed. It may be the case that recent KMail versions are behaving differently. All I know is that the same motions which in the past resulted in sending mail to the individual poster resulted in the message going to the list. I recall that in ancient times the mailing list was reconfigured to prevent repost-loops that people were using as DOS attacks. From that time until recently, when I did a simple reply, the message went to the sender. That did not happen with the message I had intended to send to Anders. I was certainly caught off guard by that behavior. Steven
On 11/20/05, Steven T. Hatton
On Sunday 20 November 2005 08:05 am, Anders Johansson wrote:
You still provide us with an astonishing lack of information.
I'm not sure why you find that "astonishing".
How is anybody supposed to help you if you don't give any info? For instance, some extracts from your logs that show the accepted ssh login. The history of commands that the user executed after login. Then you can see what they did and if it were a cracker or not. I am not a security expert, but those are the first places I would start to look to see what is happening. Not sure if this helps -- Andre Truter | Software Engineer | Registered Linux user #185282 ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.za.org ~ A dinosaur is a salamander designed to Mil Spec ~
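Added example, not part of the original thread or any poster's code: one way to do the log review suggested above, pulling sshd authentication results out of syslog text and flagging accepted logins from unexpected sources. The log lines, host name `gw`, user `alice`, the addresses and the `known_sources` allow-list are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the syslog format OpenSSH's sshd writes (not from the thread).
SAMPLE_LOG = """\
Nov 19 06:58:11 gw sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Nov 19 06:58:14 gw sshd[4021]: Failed password for root from 203.0.113.7 port 40115 ssh2
Nov 19 07:00:00 gw kernel: eth0: link up
Nov 19 07:02:40 gw sshd[4090]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2
Nov 19 07:11:05 gw sshd[4133]: Accepted password for alice from 203.0.113.7 port 40321 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user ]<user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_sshd(log_text):
    """Return one dict per sshd authentication result line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]

def unexpected_logins(log_text, known_sources):
    """Accepted logins whose source is outside known_sources (a hypothetical
    allow-list), each annotated with how many failed attempts came from that
    same source earlier in the log."""
    failures = Counter()
    findings = []
    for ev in parse_sshd(log_text):
        if ev["result"] == "Failed":
            failures[ev["src"]] += 1
        elif ev["src"] not in known_sources:
            findings.append({**ev, "prior_failures": failures[ev["src"]]})
    return findings

if __name__ == "__main__":
    for finding in unexpected_logins(SAMPLE_LOG, {"192.0.2.10"}):
        print(finding)
```

An accepted password login that follows failures from the same address is the pattern worth reading the shell history for; a publickey login from an expected address is not.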
On Sunday 20 November 2005 10:56 am, Andre Truter wrote:
On 11/20/05, Steven T. Hatton
wrote: On Sunday 20 November 2005 08:05 am, Anders Johansson wrote:
You still provide us with an astonishing lack of information.
I'm not sure why you find that "astonishing".
How is anybody supposed to help you if you don't give any info?
My take on it was that he didn't want any help. Beats me why he said anything about it.
For instance, some extracts from your logs that show the accepted ssh login.
The history of commands that the user executed after login. Then you can see what they did and if it were a cracker or not.
I am not a security expert, but those are the first places I would start to look to see what is happening.
Not sure if this helps
-- Andre Truter | Software Engineer | Registered Linux user #185282 ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.za.org
~ A dinosaur is a salamander designed to Mil Spec ~
Anders Johansson wrote:
James Knott wrote:
Allen wrote:
On Sat, Nov 19, 2005 at 07:37:18AM -0500, James Knott wrote:
Steven T. Hatton wrote:
ns.suya.gr.jp without my permission.
Try again in a comprehendible form.
Lol, nice one. You made fun of his and spelled that wrong ;)
Ummm... That's the way Merriam-Webster spells it.
"com·pre·hend·ible"
This is incredibly OT, but the word is comprehensible, as far as I know there is no such word as comprehendible
Well, as I mentioned, Merriam-Webster (the dictionary) disagrees. http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=comprehendible
participants (11)
- Allen
- Anders Johansson
- Andre Truter
- Bruce Marshall
- James Knott
- Ken Schneider
- Patrick Shanahan
- Per Jessen
- Philipp Thomas
- Steve Graegert
- Steven T. Hatton