Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] Question About Sys/Sec Logs
  • From: u.rasch@xxxxxxxxxxxx
  • Date: Mon, 14 Mar 2005 22:48:06 +0100
  • Message-id: <200503142248.06200.u.rasch@xxxxxxxxxxxx>
Hi Don,

>IDs. I believe its an automated bot. If one or more of those names responded
>then they may be back with a password crack attempt.
They will be back!!!

>> connected to the 'Net. My real question is whether this indicates my
>> defenses are working, or should I be looking elsewhere for that
The question if your defense is working is hard to say. Your log only shows
that someone was trying to connect to you system.
For example:
If your are protecting that service from the outside, guess then your defense
is not working.

Changing sshd to another port doesn't really give security.
A portscan will show the open ports. You should STOP all services not needed
if your on the internet.

If you (or anyone) don't need to work over the net on your machine then you
can stop sshd.

An intrusion detection system like AIDE helps to figure out if people gained
access to your system.

Ulf


--
Real Users find the one combination of bizarre input values that shuts
down the system for days.

< Previous Next >
References