[lug] Should I worry about: attempted hacks on boxes?

Eric Peers eric_peers at yahoo.com
Sun Jul 6 13:30:56 MDT 2003


I've got a box on the web which is not publicly
advertised at this point. But it looks like folks are
trying to hack it. I've seen weird HTTP requests (Code
Red), and attempted logins for ssh. Is there anything
I should do besides reading my logs periodically for
this sort of activity? Is there a good toolkit that
checksums major binaries to see if a system has been
compromised?

Do these look enough like attempted hacks? I've
obviously turned off root logins to my box and
disabled most other ports (ftp, telnet).

[log]# more secure.1
Jul  1 03:57:06 iceaxe sshd[642]: Did not receive identification string from 80.55.196.26
Jul  1 04:00:24 iceaxe sshd[654]: Did not receive identification string from 80.55.196.26
Jul  3 22:01:15 iceaxe sshd[13243]: Did not receive identification string from 211.152.64.13

The first logins are from a machine in Poland. The 2nd
is from somewhere in China? Me & my girlfriend are the
only ones logging into the box right now, and I know
we're not in China or Poland. Should I worry about
these?


   --eric
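
Added example, not part of the original post: a small Python summarizer for the sshd message quoted above, which sshd logs when a client connects and then disconnects without sending an SSH version string. It groups those events by source address; the function name and the year parameter are assumptions made for this illustration, and the sample input is the three log lines from the post with the e-mail line wrapping undone.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three sshd lines quoted in the post, one log entry per line.
SAMPLE = """\
Jul  1 03:57:06 iceaxe sshd[642]: Did not receive identification string from 80.55.196.26
Jul  1 04:00:24 iceaxe sshd[654]: Did not receive identification string from 80.55.196.26
Jul  3 22:01:15 iceaxe sshd[13243]: Did not receive identification string from 211.152.64.13
"""

# Classic syslog prefix (month, space-padded day, time, host) followed by
# the sshd message for a connection that never sent a version banner.
PROBE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[\d+\]: Did not receive identification string from (?P<src>\S+)"
)


def summarize_probes(text, year=2003):
    """Group banner-less sshd connections by source address.

    Syslog timestamps of this style carry no year, so the caller supplies
    one (assumption: every line in the file falls in the same year).
    """
    seen = defaultdict(list)
    for line in text.splitlines():
        m = PROBE.match(line)
        if not m:
            continue  # some other message, or a wrapped/partial line
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        seen[m["src"]].append(datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
    return {
        src: {"count": len(times), "first": min(times), "last": max(times)}
        for src, times in seen.items()
    }


if __name__ == "__main__":
    report = summarize_probes(SAMPLE)
    # Busiest sources first, so repeat visitors stand out.
    for src, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{src:15}  {info['count']:3}  {info['first']}  ->  {info['last']}")
```

Run against a real log by passing the contents of the file (for example secure.1) to summarize_probes() in place of SAMPLE.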





