On Wed, Jul 18, 2007 at 07:05:44AM -0400, Richard Creighton wrote:
Marcus Meissner wrote:
On Wed, Jul 18, 2007 at 06:15:16AM -0400, Richard Creighton wrote:
Just when I thought it might have been over <frown>
First, China, then France and now Iran.....
First things first: My SysConfig settings that I ended up with from the first thread that actually got into IPTABLES
This is a SSH worm. The origin is pretty irrelevant.
Ciao, Marcus
OK, I'll bite...what worm and what can I do about it? ....and where is it coming from....from one of my systems (all Linux) or one of the destination IP's.... What defenses will work?
Well, it tries to break into your system, but is very likely not in any of your machines if you only see external ips. Since it / they have infected thousands of machines in the internet already you will see their scans from there. Good passwords, having SSH on a different port, or even disabling ssh from the outside are good help. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org