* FAQ    * Search  * Register * Login 
Active topics
Unanswered topics

All times are UTC-06:00



Post new topic  Reply to topic  [ 5 posts ] 
Author Message
 Post subject: [ssh] When the chinese attack
PostPosted: Tue Jan 29, 2013 11:17 am 
Offline
DBB Artist
DBB Artist
User avatar

Joined: Mon Aug 01, 2005 8:47 am
Posts: 7124
Location: Ơ̸̦͇̲̬̭̱̰͎̞͈̣͎͚̳ͬ͋̃̀̇͊͂͋͐ͦ̽ͣ̂ͥ͊̅̀̚͠ B̶͖̯͉̜̰̲̓̔͋̈́ͅ È̯ Y̪̤̼͉̠̙͝
I just watched my friend's ubuntu server get a brute-force style attack over ssh. They never got "Accepted" in the auth.log. They were using different IP addresses, all from China. I shut down the server.

We were just using a password for ssh, but now I'm going to switch to a proper ssh key. This is fun.

_________________
s☼-£♦и̫͍ͥ̍ͪ͌̓͗͡о̡̹̱͊̅ͮ̓̕͢б̧̝̻̪̤̳̜͐̓̉ͤ͢͜ ͙̬͙̆̑ͮ̐ͭ̾̂́͘i̎̌̾̓̽̀̈̓̀҉͉̙̦͎̘̝͕f̻͕͔̘ͣͣ̓͊̿͢͜ ͍͔͈͕̮̫ͣ̆ͮ̊͋/♂6Æ!♪╩"▲L└уͭ̂͐̇҉̴̣̼̞̠̯͓̺̞ф̜̊͌̈́̋̏̐́ц̨͔̮̿̇ ̨̛͖̙͖̖̮̗̱ͩ̆͞ͅа̥͇̞̖͚̟̅͐ͤ͞͠͠э̜̘̩̳̬͔̾ͯ̀ͫ̒̐̿ͅͅг̭̖̀ͦ̒̑ͥ̌ͮͫ͞ё͔̟̃ͬ̾̓͟ё̦̞̙̫͔̩͑̀͂ͯ̄̔̃̑̀͠ͅͅ


Top
   
 Post subject: Re: [ssh] When the chinese attack
PostPosted: Thu Jan 31, 2013 6:46 am 
Offline
DBB Benefactor
DBB Benefactor
User avatar

Joined: Thu Sep 02, 1999 2:01 am
Posts: 4434
Yeah...

I've been repeatedly pinged by Chinese IP addresses. Lock 'er down... I have mine set to only allow key authentication. Also consider moving the port...

_________________
Arch Linux x86-64, Openbox
"We'll just set a new course for that empty region over there, near that blackish, holeish thing. " Zapp Brannigan


Top
   
 Post subject: Re: [ssh] When the chinese attack
PostPosted: Thu Jan 31, 2013 9:05 am 
Offline
DBB Artist
DBB Artist
User avatar

Joined: Mon Aug 01, 2005 8:47 am
Posts: 7124
Location: Ơ̸̦͇̲̬̭̱̰͎̞͈̣͎͚̳ͬ͋̃̀̇͊͂͋͐ͦ̽ͣ̂ͥ͊̅̀̚͠ B̶͖̯͉̜̰̲̓̔͋̈́ͅ È̯ Y̪̤̼͉̠̙͝
That sounds like a good idea. It was weird reading the log. They tried a random username and tried to see if I had an Oracle database installed.

Then they just opened and closed the session repeatedly, but without trying any passwords. I'm wondering if Ubuntu just black-listed them.

_________________
s☼-£♦и̫͍ͥ̍ͪ͌̓͗͡о̡̹̱͊̅ͮ̓̕͢б̧̝̻̪̤̳̜͐̓̉ͤ͢͜ ͙̬͙̆̑ͮ̐ͭ̾̂́͘i̎̌̾̓̽̀̈̓̀҉͉̙̦͎̘̝͕f̻͕͔̘ͣͣ̓͊̿͢͜ ͍͔͈͕̮̫ͣ̆ͮ̊͋/♂6Æ!♪╩"▲L└уͭ̂͐̇҉̴̣̼̞̠̯͓̺̞ф̜̊͌̈́̋̏̐́ц̨͔̮̿̇ ̨̛͖̙͖̖̮̗̱ͩ̆͞ͅа̥͇̞̖͚̟̅͐ͤ͞͠͠э̜̘̩̳̬͔̾ͯ̀ͫ̒̐̿ͅͅг̭̖̀ͦ̒̑ͥ̌ͮͫ͞ё͔̟̃ͬ̾̓͟ё̦̞̙̫͔̩͑̀͂ͯ̄̔̃̑̀͠ͅͅ


Top
   
 Post subject: Re: [ssh] When the chinese attack
PostPosted: Thu Jan 31, 2013 9:50 pm 
Offline
DBB Master
DBB Master
User avatar

Joined: Sun Sep 05, 1999 2:01 am
Posts: 6377
Location: ☃☃☃
Passwords are fine *if* they are all strong, but the advantage of keys is that you don't have to worry about "choosing" one... the entropy pool does a good enough job. :P


Top
   
 Post subject: Re: [ssh] When the chinese attack
PostPosted: Fri Feb 01, 2013 12:30 pm 
Offline
DBB Artist
DBB Artist
User avatar

Joined: Mon Aug 01, 2005 8:47 am
Posts: 7124
Location: Ơ̸̦͇̲̬̭̱̰͎̞͈̣͎͚̳ͬ͋̃̀̇͊͂͋͐ͦ̽ͣ̂ͥ͊̅̀̚͠ B̶͖̯͉̜̰̲̓̔͋̈́ͅ È̯ Y̪̤̼͉̠̙͝
Yeah, plus I believe it will decrease the tremendous lag I've been experiencing, from the local and public ip (across the city @ ~17 traces)

_________________
s☼-£♦и̫͍ͥ̍ͪ͌̓͗͡о̡̹̱͊̅ͮ̓̕͢б̧̝̻̪̤̳̜͐̓̉ͤ͢͜ ͙̬͙̆̑ͮ̐ͭ̾̂́͘i̎̌̾̓̽̀̈̓̀҉͉̙̦͎̘̝͕f̻͕͔̘ͣͣ̓͊̿͢͜ ͍͔͈͕̮̫ͣ̆ͮ̊͋/♂6Æ!♪╩"▲L└уͭ̂͐̇҉̴̣̼̞̠̯͓̺̞ф̜̊͌̈́̋̏̐́ц̨͔̮̿̇ ̨̛͖̙͖̖̮̗̱ͩ̆͞ͅа̥͇̞̖͚̟̅͐ͤ͞͠͠э̜̘̩̳̬͔̾ͯ̀ͫ̒̐̿ͅͅг̭̖̀ͦ̒̑ͥ̌ͮͫ͞ё͔̟̃ͬ̾̓͟ё̦̞̙̫͔̩͑̀͂ͯ̄̔̃̑̀͠ͅͅ


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 5 posts ] 

All times are UTC-06:00


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  



Descent'rs have piloted these pages
 
The layout and contents contained within this site are © DescentBB.net 1997-2006.
Descent, Descent II are © Parallax Software Corporation.
Descent III is Outrage Entertainment.
Descent is a Trademark of Interplay Productions.

Miner Wars™ is trademark of Keen Software House s. r. o.
.


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group