Mailinglist Archive: opensuse (4570 mails)

< Previous Next >
Re: [SLE] I this host ssh'ed to one of my systems
  • From: Steve Graegert <graegerts@xxxxxxxxx>
  • Date: Sat, 19 Nov 2005 23:56:25 +0000 (UTC)
  • Message-id: <6a00c8d50511191556x7326502aqe63eaa28262936d3@xxxxxxxxxxxxxx>
On 11/20/05, Anders Johansson <andjoh@xxxxxxxxxx> wrote:
> Steve Graegert wrote:
> > Although English is not my mother tongue, the word comprehendible
> > translates to the German "verständlich" or "deutlich". This is what
> > dictionary.reference.com
> > (http://dictionary.reference.com/search?q=comprehendible&db=*) says:
> >
> > com·pre·hend
> > Pronunciation Key (kmpr-hnd)
> > tr.v. com·pre·hend·ed, com·pre·hend·ing, com·pre·hends
> >
> > 1. To take in the meaning, nature, or importance of; grasp. See
> > Synonyms at apprehend.
> > 2. To take in as a part; include. See Synonyms at include.
> >
> >
> > [Middle English comprehenden, from Latin comprehendere : com-, com- +
> > prehendere, to grasp; see ghend- in Indo-European Roots.]
> >
> > compre·hendi·ble adj.
> > compre·hending·ly adv.
> >
>
> I stand corrected, it exists. But that doesn't mean it should be used
> (which, in my humble opinion, it shouldn't)
> > And now back to discussion. What is it about the unauthorized SSH
> > connection attempts?
> >
>
> Nothing. People trying, people scanning, it's just life on the internet.
> Don't use weak passwords, and make sure you keep up to date with
> security patching

I am completely aware of it. Most of the connection attempts we are
observing are requests to our mail services trying to relay mail.
Port scans are logged and traced down if possible. Not suprisingly is
that most scans are performed by zombies or even an army of zombies
running some probably hacked Windows. This situation got worse of the
years and there are no indications of an improvement in the future.

BTW: we have set up some honeypots in the DMZ just out of curiosity.
It's extremely interesting to whatch how various attacks are taken
out.

> Then again, with the complete lack of information in the original mail,
> for all we know it could be someone trying to log on to a machine he is
> authorised to use and simply mistyped the IP address. I've done that
> many times

I actually hoped to read an answer from the OP providing some details
to give practical advice if desired.

\Steve

--

Steve Graegert <graegerts@xxxxxxxxx>
Software Consultant {C/C++ && Java && .NET}
Office: +49 9131 7123988
Mobile: +49 1520 9289212

< Previous Next >