Possible hacking on SSH what should I do?

ted leslie tleslie-RBVUpeUoHUc at public.gmane.org
Tue Jul 13 19:35:52 UTC 2010


Aside from ignoring it, the only way to "get back at them" (the hackers in general) is to put
a pause/wait on the connect to tie up their resources. If it's just you and a few others accessing,
then change the sshd port (or even firewall it from only known access points), then run
all other attempts to an iptables rule that pauses them out.
 
Many years ago I did a flood ping back at them, before the days of high speed. There was some
satisfaction in doing that, me with high speed into my ISP, and flooding some poor B with a
28.8 modem :) but then, there was always the chance it would falsely flood ping someone else,
so I didn't really do that for too long.

If I contacted the ISP for every one of these I get, I'd never get any work done.


tl

On Tue, 13 Jul 2010 15:15:39 -0400
Myles Braithwaite <me-qIX3qoPyADtH8hdXm2+x1laTQe2KTcn/@public.gmane.org> wrote:

> Someone from a French IP is trying to access one of my servers:
> 
> Jul 13 15:05:30 fox sshd[1866]: reverse mapping checking getaddrinfo
> for 23-194.213-56.static-ip.oleane.fr [213.56.194.23] failed -
> POSSIBLE BREAK-IN ATTEMPT!
> 
> They probably won't be able to get in (I use only ssh keys access) but
> what is the best procedure to stop them from getting further?
> 
> Should I contact the ISP?
> Should I ban him under '/etc/hosts.deny'?
> 
> -- 
> Myles Braithwaite
> http://mylesbraithwaite.com | me-qIX3qoPyADtH8hdXm2+x1laTQe2KTcn/@public.gmane.org
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
> 


-- 
ted leslie <tleslie-RBVUpeUoHUc at public.gmane.org>
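
An added example, not part of either post: one way to decide which addresses merit an `/etc/hosts.deny` entry like the one Myles asks about, by counting sshd events per source IP. The reverse-mapping warning alone only means the address's PTR name does not resolve back to it, so the sketch keys on failed logins instead. Assumptions: the sample log lines are constructed (only the first comes from the post), the threshold of 3 is arbitrary, and `sshd: <ip>` entries take effect only when sshd is built with TCP wrappers support.

```python
import re
from collections import Counter

# Constructed sample in auth.log format (one event per line, unlike the
# wrapped quote in the mail). Only the first line's host/IP come from the post.
SAMPLE_LOG = """\
Jul 13 15:05:30 fox sshd[1866]: reverse mapping checking getaddrinfo for 23-194.213-56.static-ip.oleane.fr [213.56.194.23] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 13 15:05:31 fox sshd[1866]: Invalid user admin from 213.56.194.23
Jul 13 15:05:33 fox sshd[1869]: Invalid user test from 213.56.194.23
Jul 13 15:06:02 fox sshd[1871]: Failed password for root from 213.56.194.23 port 40122 ssh2
Jul 13 15:07:10 fox sshd[1880]: reverse mapping checking getaddrinfo for host.example.net [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 13 15:09:44 fox sshd[1892]: Failed password for invalid user guest from 198.51.100.7 port 51514 ssh2
Jul 13 15:10:01 fox sshd[1893]: Accepted publickey for myles from 192.0.2.10 port 50022 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
REVERSE_MAP = re.compile(r"sshd\[\d+\]: reverse mapping checking getaddrinfo for \S+ \[" + IP + r"\] failed")
AUTH_FAIL = re.compile(r"sshd\[\d+\]: (?:Invalid user \S+|Failed password for (?:invalid user )?\S+) from " + IP)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from " + IP)

def summarize(log_text):
    """Return (dns_mismatch, auth_failures, accepted) keyed by source IP."""
    mismatch, failures, accepted = Counter(), Counter(), set()
    for line in log_text.splitlines():
        if (m := REVERSE_MAP.search(line)):
            mismatch[m.group(1)] += 1      # PTR name did not map back to the IP
        elif (m := AUTH_FAIL.search(line)):
            failures[m.group(1)] += 1      # unknown user or rejected password
        elif (m := ACCEPTED.search(line)):
            accepted.add(m.group(1))       # a real login came from this IP
    return mismatch, failures, accepted

def hosts_deny_lines(log_text, min_failures=3):
    """Build /etc/hosts.deny entries for IPs with repeated failed logins.

    An IP that also logged in successfully is never listed, so a legitimate
    user behind broken reverse DNS is not locked out.
    """
    _, failures, accepted = summarize(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(failures.items())
            if n >= min_failures and ip not in accepted]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(SAMPLE_LOG)))
```

On the sample, 192.0.2.10 triggers the same warning as the address in the post but is skipped because a key-based login succeeded from it.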