Hi,
I've noticed yesterday evening and this morning (very shortly after
turning on my router at home - on P&T ADSL) that there were attacks
against my SSH server running - quite probably brute-force dictionary
attacks.
I've got quite some entries in my auth.log (extract):
this morning:
----------------------------------------
Oct 12 09:13:08 hermes sshd[543]: Failed password for illegal user wwwrun from 216.173.46.164 port 55039 ssh2
Oct 12 09:13:09 hermes sshd[545]: Illegal user matt from 216.173.46.164
Oct 12 09:13:09 hermes sshd[545]: error: Could not get shadow information for NOUSER
Oct 12 09:13:09 hermes sshd[545]: Failed password for illegal user matt from 216
.173.46.164 port 55067 ssh2
Oct 12 09:13:11 hermes sshd[547]: Illegal user test from 216.173.46.164
Oct 12 09:13:11 hermes sshd[547]: error: Could not get shadow information for NOUSER
Oct 12 09:13:11 hermes sshd[547]: Failed password for illegal user test from 216
.173.46.164 port 55100 ssh2
Oct 12 09:13:13 hermes sshd[549]: Illegal user test from 216.173.46.164
Oct 12 09:13:13 hermes sshd[549]: error: Could not get shadow information for NOUSER
Oct 12 09:13:13 hermes sshd[549]: Failed password for illegal user test from 216
.173.46.164 port 55134 ssh2
Oct 12 09:13:15 hermes sshd[551]: Illegal user test from 216.173.46.164
yesterday evening:
----------------------------------------
Oct 11 19:38:44 hermes sshd[2051]: Illegal user frank from 213.240.168.200
Oct 11 19:38:44 hermes sshd[2051]: error: Could not get shadow information for NOUSER
Oct 11 19:38:44 hermes sshd[2051]: Failed password for illegal user frank from 2
13.240.168.200 port 40686 ssh2
Oct 11 19:38:45 hermes sshd[2053]: Illegal user george from 213.240.168.200
Oct 11 19:38:45 hermes sshd[2053]: error: Could not get shadow information for NOUSER
Oct 11 19:38:45 hermes sshd[2053]: Failed password for illegal user george from
213.240.168.200 port 40710 ssh2
Oct 11 19:38:46 hermes sshd[2055]: Illegal user henry from 213.240.168.200
Oct 11 19:38:46 hermes sshd[2055]: error: Could not get shadow information for NOUSER
Oct 11 19:38:46 hermes sshd[2055]: Failed password for illegal user henry from 2
13.240.168.200 port 40737 ssh2
Oct 11 19:38:47 hermes sshd[2057]: Illegal user john from 213.240.168.200
Oct 11 19:38:47 hermes sshd[2057]: error: Could not get shadow information for NOUSER
Oct 11 19:38:47 hermes sshd[2057]: Failed password for illegal user john from 213.240.168.200 port 40757 ssh2
----------------------------------------
I suspect these attempts are run from compromised machines, anyway I
did try contacting the admin from yesterday evening's incident.
I suppose all of you will want to check their logs, certainly if you're
running an SSH server.
I've reconfigured my own SSH server to listen on a non-standard
port for now (check /etc/ssh/sshd_config), in addition to my
relatively hard-to-crack passwords (designed not to fall prey to
"normal" dictionary attacks).
I guess "they" are out there...
Greets Eric
Salut
J'ai une ligne ADSL de la Poste et j'utilise donc leur DNS. Depuis ~une
semaine, j'ai parfois des problèmes avec le DNS, qui n'arrive pas à résoudre
une requête, donc à transformer un domain name dans une adresse IP.
Je demande ceux qui utilisent aussi le DNS de la poste si vous rencontrez de
problèmes similaires avec le DNS des P&T.
Merci
Alex
I'm trying to clean up my office and have a lot of stuff
I would like to get rid.
OfficeJet HP 1175C:
Big Printer/Scanner with feeder for scanner
can be used to make color photocopies.
+/-150Euro
Brand new German wireless Keyboard+Mouse
2 Compaq small factor desctop PC's
CPU is 233MMX 64Mbytes RAM 2Gbytes of disk
very low noise (no CPU fan). Integrated Ethernet card.
+/-20 Euro
1 486 desktop. (nices case with speakers) + 15" screen.
1 Euro à discuter ;)
The old sendar:
Dual Pentium 200 w/256 Mbytes RAM SCSI disk
Panther Tape dirve, Syquest disk .....
Lots of other SCSI, Soundblaster ... cards
Old UPS Merling Gerin (needs new batteries)
If someone is interested please contact me.
If someone wants to take it all I'll make a good price.
---
Thierry Coutelier
http://www.lilux.lu
> since the date is approaching, I'm sending this little reminder
> about the LinuxBiz event at the SI Expo, October 6th, from 12:15
> to 19:00.
How do you register for this?
-pu
Hi,
since the date is approaching, I'm sending this little reminder
about the LinuxBiz event at the SI Expo, October 6th, from 12:15
to 19:00.
You'll find the agenda at:
http://www.linuxdays.lu/events/siexpo
It consists of a series of presentations by companies, i.e.
NeoFacto, Oracle, HP, RTL Group, Novell, Sun, Conostix, IBM,
with an introduction from the CRP Henri Tudor.
Greetings, Eric
Hi. I have a Coditel cable connection to a Coditel cable modem. (With
reference to recent discussions about various ADSL deals available in
Luxembourg, I am happy to vouch for the cable service offered by Coditel if
it's available in your area - recently they doubled the connection speed at
no extra cost.)
At the moment my computer is plugged into the cable modem via RJ45. I am
moving house soon and would like to have the computer upstairs in the new
place. The cable, however, comes into the downstairs front room. I would
like to canvas the group's opinion on the most appropriate hardware to set
up a wireless connection under Linux, including recommendations on hardware
and where to buy it. My machine is a Dell Dimension 4600 with a Pentium IV,
running Debian GNU/Linux (sarge, mostly). There's only one machine at home
at the moment, but I want to get a lap-top in the next six months or so.
Additionally, although I am reasonably competent, I am not a tech pro, and I
have a limited budget, so no Grand Unifying Solutions please!
Thanks in advance,
Mark H
----------------------------------------------------------------------------
The information contained in this e-mail message and/or attachments is
intended solely for the attention and use of the individual or entity
named above. It may contain privileged and confidential information..
If you are not the intended recipient, or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that you have received this transmittal by error and that any
dissemination, distribution, use or copy of any part of this
communication is strictly prohibited. In such a case please notify
immediately ING Luxembourg S.A. by reply transmission or by telephone
(+352 44 99 11) and delete this message. Thank you.
E-mails transmission cannot be guaranteed to be secure or error free as
information could be incomplete, intercepted, corrupted, lost,
destroyed, arrive late or contain viruses. The sender therefore does
not accept liability for any errors or omissions in the contents of this
message which may arise as a result of e-mail transmission. If
verification is required, please request a hard copy version.
The material contained in this e-mail is for information purposes only
and does not constitute a formal commitment by our bank.
The recipients are made aware that all replies to e-mail messages can go
through ING Luxembourg S.A. servers and are subject to monitoring and
auditing in accordance to the internal policies standards.
Moïen,
Mir kënnen hëchstwahrscheinlech hellefen :-) ech géif ball "sëcher"
schreiwen, mé ët kann éen nie wëssen waat éen dann proposéiert.
Et ass allerdéngs éent vun eise But, déene Leit ze hellefen, déi wëllen
GNU/Linux ze gebrauchen.
Ech géif der rooden dech an eiser "Hëllef" Mailing Lëscht anzeschreiwen,
déi fënnst du ënner "http://www.linux.lu/mailman/listinfo/lilux-help"
Vill Gléck mam Linux :-)))
den Serge
On Sun, 2004-09-26 at 18:13, Roland Kaber wrote:
> Léif linux.lu Responsabel
>
> Main Numm ass Roland Kaber
>
> Ech sin derbei eeschthaft driwer nozedenken fir vu Windows op Linux
> emzeklammen, fille méch awer zimlech eleng. Kann är Organisatioun do
> hellefen? Wa jo, wéi kann ech mech am beschten uléen fir Kontakt
> opzehuelen. Ech denken àre Forum kéint hellefen, ech wär awer nach méi
> interesséiert och emol eng lieweg Kontaktpersoun kennen ze treffen.
> Themen wéi zum Beispill Linux op engen Notebook, di richtég Hardware
> Konfiguratioun, zwee Betriebssystémer glaichzeitég op engem PC géif ech
> gären verdéiwen. Wou kritt een zu Lëtzebuerg iwewrhapt a PC an Linux
> ugebueden wär en aanert Thema.
>
> Merci am Viraus
--
----------------------------------------------------------------------
Serge Marelli, Luxembourg
E-mail : serge.marelli(a)linux.lu
----------------------------------------------------------------------
LiLux - http://www.lilux.lu/
Defending Innovation against Patent Inflation http://swpat.ffii.org/
Free Software Foundation - http//www.fsf.org/
On Sunday 26 September 2004 17:15, Henri Majerus wrote:
> On Mon, 2004-09-20 at 17:03, Mark HATHERLY wrote:
> > At the moment my computer is plugged into the cable modem via RJ45. I am
> > moving house soon and would like to have the computer upstairs in the new
> > place. The cable, however, comes into the downstairs front room.
> >
> > Additionally, although I am reasonably competent, I am not a tech pro,
> > and I have a limited budget, so no Grand Unifying Solutions please!
>
> An alternative solution to your problem might be a Devolo MicroLink dLAN
> Kit:
>
> http://www.devolo.de/index_en.php
This sounds really nice !
--
Pascal Steichen - pascal.steichen(a)lilux.lu
LiLux asbl - http://www.lilux.lu/
Hi,
I just found the following site when trying to get a certificate to sign
my mails: http://www.thawte.com
Does anybody know / use this service? Is there a risk to enter my ID
Card No.?
If somebody on this list already uses this service, could he/she then
notarize my ID?
greetings
Jang Lemmer
hi there ,
when mounting an usb device, the device is shown as /dev/sda1 (according to
cat /proc/partitions). so far so god.
but when unpluggins the device without unmounting it, a problem appears: when
replugging it, the device turns to be /dev/sdb1, sdc1...an so on.
how can i fix this knowing that most distibutions have this problem.
i personally use suse 9.1 and disabled the subfs system is the hotplug
detection, which caused serious performance troubles on my laptop.
what can i do?
thanks
Frédéric
