Re: OpenSSH Server being hacked ???

  • dlubinsk
    Message 1 of 10 , Nov 2, 2005
      Hi,
      Take a look at my howto on port knocking...this is one of
      the reasons I set this up...see if it's of use to you:

      http://www.nslu2-linux.org/wiki/HowTo/SecurityByPortKnocking

      My howto explains how to lock down ssh and gain entry when YOU want
      via knock.

      Regards,
      Don

      --- In nslu2-linux@yahoogroups.com, "wifimax" <wifimax@y...> wrote:
      >
      > I installed OpenSSH Server on my Openslug 2.7 beta and recently got
      > a lot of messages from /var/log/messages:
      >
      > Nov 2 09:00:17 (none) auth.info sshd[2855]: Invalid user anna from 61.111.255.133
      > Nov 2 09:00:17 (none) auth.err sshd[2855]: error: Could not get shadow information for NOUSER
      > Nov 2 09:00:17 (none) auth.info sshd[2855]: Failed password for invalid user anna from 61.111.255.133 port 49137 ssh2
      > Nov 2 09:00:22 (none) auth.info sshd[2859]: Invalid user arthur from 61.111.255.133
      > Nov 2 09:00:22 (none) auth.err sshd[2859]: error: Could not get shadow information for NOUSER
      > Nov 2 09:00:22 (none) auth.info sshd[2859]: Failed password for invalid user arthur from 61.111.255.133 port 49172 ssh2
      >
      > Does it mean my ssh server is being hacked and how can I stop these
      > messages?
      >
      > Thanks in advance
      >
    • Brian Wood
      Message 2 of 10 , Nov 2, 2005
        Wow, what a great concept. I'd never run into this idea before, I'm impressed.

        The main problem is that it won't work inside a firewall. Oh well, I'd been wanting to set up a slug as a firewall anyway, but that means I need two ethernet interfaces, and I have to deal with the endian problem if I want to use the internal interface...

        Guess I'll buy a third slug to experiment with.

        Thanks for the pointer.


        On Nov 2, 2005, at 8:10 PM, dlubinsk wrote:

        Hi,
        Take a look at my howto on port knocking...this is one of
        the reasons I set this up...see if it's of use to you:

        http://www.nslu2-linux.org/wiki/HowTo/SecurityByPortKnocking

        My howto explains how to lock down ssh and gain entry when YOU want
        via knock.

        Regards,
        Don
      • dlubinsk
        Message 3 of 10 , Nov 2, 2005
          Well I get around this with a linux box as one of my firewalls; this
          linux box has a secondary non-routable connection to my slug (which
          does sit behind a hardware firewall). I "knock" my linux box which
          in turn "knocks" my slug (via the non-routable connection). This
          opens the port on my slug and away I go.

          Regards,
          Don


          > Wow, what a great concept. I'd never run into this idea before, I'm
          > impressed.
          >
          > The main problem is that it won't work inside a firewall. Oh well,
          > I'd been wanting to set up a slug as a firewall anyway, but that
          > means I need two ethernet interfaces, and I have to deal with the
          > endian problem if I want to use the internal interface...
          >
          > Guess I'll buy a third slug to experiment with.
          >
          > Thanks for the pointer.
          >
          >
          > On Nov 2, 2005, at 8:10 PM, dlubinsk wrote:
          >
          > > Hi,
          > > Take a look at my howto on port knocking...this is one of
          > > the reasons I set this up...see if it's of use to you:
          > >
          > > http://www.nslu2-linux.org/wiki/HowTo/SecurityByPortKnocking
          > >
          > > My howto explains how to lock down ssh and gain entry when YOU want
          > > via knock.
          > >
          > > Regards,
          > > Don
          >
        • Brian Wood
          Message 4 of 10 , Nov 2, 2005
            Well for "Linux box as one of my firewalls" I want to insert "slug".
            It seems like a natural for such a purpose if I can easily get two
            interfaces going.

            At present I'm using a commercially-available firewall box, but I
            need something I can hack on and not be limited to what the firmware
            lets me do.

            Anybody have an easy way to get two interfaces on a slug? Preferably
            using Unslung and not having to go with an entire Debian install.

            I have an old Cobalt Qube-2 (MIPS machine) with two interfaces, but
            that seems like overkill for a F/W.


            On Nov 2, 2005, at 8:54 PM, dlubinsk wrote:

            > Well I get around this with a linux box as one of my firewalls; this
            > linux box has a secondary non-routable connection to my slug (which
            > does sit behind a hardware firewall). I "knock" my linux box which
            > in turn "knocks" my slug (via the non-routable connection). This
            > opens the port on my slug and away I go.
            >
            > Regards,
            > Don
            >
          • Tommy B
            Message 5 of 10 , Nov 3, 2005
              Brian Wood wrote:

              A Pre-production round of Lofts are heading my way.
              Firewalling/QoS/IDS/IPS is an area I'm starting to look at.

              >Well for "Linux box as one of my firewalls" I want to insert "slug".
              >It seems like a natural for such a purpose if I can easily get two
              >interfaces going.
              >
              >At present I'm using a commercially-available firewall box, but I
              >need something I can hack on and not be limited to what the firmware
              >lets me do.
              >
              >Anybody have an easy way to get two interfaces on a slug? Preferably
              >using Unslung and not having to go with an entire Debian install.
              >
              >I have an old Cobalt Qube-2 (MIPS machine) with two interfaces, but
              >that seems like overkill for a F/W.
              >
              >
              >On Nov 2, 2005, at 8:54 PM, dlubinsk wrote:
              >
              >
              >
              >>Well I get around this with a linux box as one of my firewalls; this
              >>linux box has a secondary non-routable connection to my slug (which
              >>does sit behind a hardware firewall). I "knock" my linux box which
              >>in turn "knocks" my slug (via the non-routable connection). This
              >>opens the port on my slug and away I go.
              >>
              >>Regards,
              >>Don
              >>
              >>
              >>
            • wifimax
              Message 6 of 10 , Nov 3, 2005
                Thanks for all the replies. I am reading and reading to find the best
                solution to prevent hackers from logging in to my NSLU2 server.

                1. Change port number - It might work but I think the hackers
                can use some port scanning program to find the new port.
                2. Frequently changing my login password.
                3. Create a private/public key to login instead of using password.
                4. Port knocking. I have to read more about this stuff. Very interesting.

                Thanks

                --- In nslu2-linux@yahoogroups.com, "dlubinsk" <dlubinsk@y...> wrote:
                >
                > Well I get around this with a linux box as one of my firewalls; this
                > linux box has a secondary non-routable connection to my slug (which
                > does sit behind a hardware firewall). I "knock" my linux box which
                > in turn "knocks" my slug (via the non-routable connection). This
                > opens the port on my slug and away I go.
                >
                > Regards,
                > Don
                >
                >
                > > Wow, what a great concept. I'd never run into this idea before, I'm
                > > impressed.
                > >
                > > The main problem is that it won't work inside a firewall. Oh well,
                > > I'd been wanting to set up a slug as a firewall anyway, but that
                > > means I need two ethernet interfaces, and I have to deal with the
                > > endian problem if I want to use the internal interface...
                > >
                > > Guess I'll buy a third slug to experiment with.
                > >
                > > Thanks for the pointer.
                > >
                > >
                > > On Nov 2, 2005, at 8:10 PM, dlubinsk wrote:
                > >
                > > > Hi,
                > > > Take a look at my howto on port knocking...this is one of
                > > > the reasons I set this up...see if it's of use to you:
                > > >
                > > > http://www.nslu2-linux.org/wiki/HowTo/SecurityByPortKnocking
                > > >
                > > > My howto explains how to lock down ssh and gain entry when YOU want
                > > > via knock.
                > > >
                > > > Regards,
                > > > Don
                > >
                >
              • jimmyfergus
                Message 7 of 10 , Nov 4, 2005
                  --- In nslu2-linux@yahoogroups.com, "wifimax" <wifimax@y...> wrote:
                  > Thanks for all the replies. I am reading and reading to find the best
                  > solution to prevent hackers from logging in to my NSLU2 server.
                  >
                  > 1. Change port number - It might work but I think the hackers
                  > can use some port scanning program to find the new port.
                  > 2. Frequently changing my login password.
                  > 3. Create a private/public key to login instead of using password.
                  > 4. Port knocking. I have to read more about this stuff. Very interesting.

                  I'd have said 1 & 3 is enough for most of us. 2 will only help if
                  they first hacked into your remote machine, and then failed to collect
                  your private key when they harvested your password.

                  Anyway, changing the port number will be effective unless someone is
                  determined to target *you* specifically. Most of the attacks are
                  scripts looking for the easiest targets. They're unlikely to do a
                  full on port scan of you, unless they know who you are and are
                  specifically motivated to get you.

                  J.
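
Added example, not part of any post in this thread: a small parser for the sshd lines quoted from /var/log/messages in the first message, grouping failed logins by source address so the scripted name-guessing pattern described in the last reply is visible at a glance. The function names and the `min_names` threshold are assumptions; the sample lines are the ones from the thread, unwrapped.

```python
import re
from collections import defaultdict

# Log lines quoted in the first message of the thread, unwrapped.
SAMPLE_LOG = """\
Nov 2 09:00:17 (none) auth.info sshd[2855]: Invalid user anna from 61.111.255.133
Nov 2 09:00:17 (none) auth.err sshd[2855]: error: Could not get shadow information for NOUSER
Nov 2 09:00:17 (none) auth.info sshd[2855]: Failed password for invalid user anna from 61.111.255.133 port 49137 ssh2
Nov 2 09:00:22 (none) auth.info sshd[2859]: Invalid user arthur from 61.111.255.133
Nov 2 09:00:22 (none) auth.err sshd[2859]: error: Could not get shadow information for NOUSER
Nov 2 09:00:22 (none) auth.info sshd[2859]: Failed password for invalid user arthur from 61.111.255.133 port 49172 ssh2
"""

# The user name is chosen by the remote side and may itself contain " from ",
# so the name is matched greedily and the address is taken from the last
# " from ADDR port N ssh2" at the end of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<addr>\S+) port \d+ ssh2$"
)

def summarize(log_text):
    """Return {addr: {"failures": n, "invalid_users": set, "valid_users": set}}."""
    stats = defaultdict(
        lambda: {"failures": 0, "invalid_users": set(), "valid_users": set()}
    )
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            # "Invalid user" and "shadow information" lines describe the same
            # attempt as the "Failed password" line, so they are not counted.
            continue
        entry = stats[m.group("addr")]
        entry["failures"] += 1
        kind = "invalid_users" if m.group("invalid") else "valid_users"
        entry[kind].add(m.group("user"))
    return dict(stats)

def guessing_sources(stats, min_names=2):
    """Addresses that tried at least min_names distinct nonexistent accounts."""
    return sorted(a for a, s in stats.items() if len(s["invalid_users"]) >= min_names)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for addr in guessing_sources(stats):
        names = ", ".join(sorted(stats[addr]["invalid_users"]))
        print(f"{addr}: {stats[addr]['failures']} failed logins, names tried: {names}")
```

Failures against names in `valid_users` are the ones to look at first, since those accounts exist on the box.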