Security Basics mailing list archives
Is this normal?
From: Erlend Lorentzen <er-lore () online no>
Date: Thu, 21 Oct 2004 19:48:57 +0200
Hi I'm not very experienced with this sort of thing so please bear with me. The following concerns my Slackware 9.1 NAT/Firewall protecting my Home LAN from the Internet. Checking my logs today I was a bit surprised to find about 80 refused connection attempts to my sshd during the last month like: Oct 7 21:22:27 firewall sshd[9710]: refused connect from xxx.xxx.xxx.xxx I did reverse lookups on the IP's with dig and found that the attemts originated from a variety of hosts from Italy, Polen, Russia, Sweden and Pakistan to name but a few. One particular host had tried connecting 19 times with just a few seconds between tries (is he/she just trying different commonly used passwords?) Now to my questions: Is this Normal? Should I be concerned? Any security tips, suggestions, thoughts? (I update regularly with swaret (SlackwareTool), use strong random passwords, tcp wrappers) Anyone know a good guide to hardening Slackware? Anything else you'd like to mention? Thanks, your help is much appreciated! Best regards Erlend.
Current thread:
- Is this normal? Erlend Lorentzen (Oct 21)
- Re: Is this normal? Joe Polk (Oct 22)
- Re: Is this normal? Barrie Dempster (Oct 27)
- Re: Is this normal? Kluge (Oct 27)
- Re: Is this normal? Kenneth R Swain II (Oct 27)
- Re: Is this normal? Barrie Dempster (Oct 27)
- Re: Is this normal? Adam Jones (Oct 22)
- Re: Is this normal? Callan K L Tham (Oct 25)
- Re: Is this normal? xyberpix (Oct 25)
- <Possible follow-ups>
- RE: Is this normal? Shawn Jackson (Oct 22)
- RE: Is this normal? Andrew Shore (Oct 22)
- Re: Is this normal? bp1974 (Oct 22)
(Thread continues...)
- Re: Is this normal? Joe Polk (Oct 22)