[Intrusions] brute force attack - tcp wrappers and iptables nothelping?
Tim Walraven
Twalraven at counterpane.com
Fri Apr 22 13:38:00 GMT 2005
Susanne, I see your concern. Properly configured IPTables rules and
TCPWrappers should prevent this. Have you actually attempted to access
the ssh service from a host outside of the lab yourself?
Tim Walraven,CISSP,CISM,CISA
Counterpane Internet Security
-----Original Message-----
From: intrusions-bounces at lists.sans.org
[mailto:intrusions-bounces at lists.sans.org] On Behalf Of Susanne Hemker
Sent: Thursday, April 21, 2005 10:24 AM
To: intrusions at lists.sans.org
Subject: [Intrusions] brute force attack - tcp wrappers and iptables
nothelping?
Hi everybody,
somebody is trying to break into one of out workstations.
The /var/log/secure contains lots of:
Failed password for invalid user $name from ::ffff:$IP port $port
ssh2
from different IPs, ports and usernames.
Since the tcp wrappers and the iptables should not allow ssh login from
any host outside our lab, I am wondering how he/she even got to the
login. Any suggestions?
Thanks,
Susanne
_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions
More information about the Intrusions
mailing list