Are these attempts by password crackers??

[Subhro]

On Mon, 18 Oct 2004 08:51:22 +0300, Odhiambo Washington
<wash at wananchi.com> wrote:

> 1. Is this some virus or some crackers playing around?
Yeh, someone is prolly trying to bruteforce your boxes.

> 2. Why only on 5.2.1 systems and not on any of the 4.10 boxes that I
>    also run?
Negative, a couple of my 4.10 boxes also reports the same.

> 3. Am I supposed to be worried at all? Well, I am not ;)
You need not worry if you have done these:
1. Set  PetmitRootLogin to No in sshd_config.
2. Use Public/Private keypair for authentication to all the
previledged accounts, i.e. the accounts which are member of wheel.
3. Try to avoid accesing foreign services (surfing, IRCing) from
previledged accounts.
4. NEVER login as root. Instead su to root as required.
5. Do not include the current directory in $PATH to save the ./ when
running a binary from the current directory.
6. Maintain an updated tripwire (or alike) database.
7. Do not run any service which you do not need to.
8. Generate a script to parse log files at regular intervals and add
blocks for IPs in the border router which had been trying to
bruteforce the box.
9. And last but not the least, do not allow any user a priviledge
which he/she does not need to have.

Regards
S.

-- 
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India