  1. #11
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284

    Quote Originally Posted by xylex_blaiste
    yeah, it seems kinda ridiculous. the IP could've been spoofed. i mean, that IP is being used by some Internet Company.
    Unless you have control of various upstream routers it is not possible to spoof an IP address for a direct TCP connection. UDP is a different matter, but SSH is TCP.

  2. #12
    Linux User
    Join Date
    Aug 2003
    Posts
    289
    it's not? i always hear about DNS poisoning and IP spoofing. guess it's not that simple, huh... hehehe...



    how do i get more info from someone who might try to do that again, aside from the IP being logged? i've searched all of my logs and that's the only one i got - just the IP. it's lacking.
    Registered User #345074

  3. #13
    Linux Guru kkubasik's Avatar
    Join Date
    Mar 2004
    Location
    Lat: 39:03:51N Lon: 77:14:37W
    Posts
    2,396
    you could call the company and notify them, they will probably investigate, either they are being compromised, or they have an unruly employee. they are likely to investigate, some people take this very seriously.
    Avoid the Gates of Hell. Use Linux
    A Penny for your Thoughts

    Formerly Known as qub333

  4. #14
    Just Joined!
    Join Date
    Aug 2004
    Posts
    14
    The simplest thing you can do to avoid those pesky people is to make sure all ports (that are not being used) are closed, 24/7. It would still be possible to get into your computer, but I can pretty much assure you that no "skriptkiddie", as they are sometimes called, will be able to figure it out.

    -m-

  5. #15
    Just Joined!
    Join Date
    Apr 2004
    Location
    UK
    Posts
    61
    You can be 95% sure that the box being used to attempt a connection to yours has been rootkitted.

    It is worth notifying the abuse or tech contact (if given) from a whois so that they can take steps to secure their machine.

    On each occasion where I have notified people about attempted access from their system, they have confirmed that the box had been rooted.
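
Added example, not part of any post in this thread: one way to pull more than the bare IP out of the logs before contacting an abuse address, by grouping failed sshd password attempts per source IP with the usernames tried and the first and last timestamps. It assumes the standard OpenSSH syslog line format; the log lines, hostname and addresses below are constructed, and `summarize_failures` and `abuse_report` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (documentation IPs).
SAMPLE_LOG = """\
Aug 14 03:12:01 box sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Aug 14 03:12:04 box sshd[2213]: Failed password for root from 203.0.113.7 port 40120 ssh2
Aug 14 03:12:09 box sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Aug 14 09:30:44 box sshd[2290]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Aug 15 11:02:17 box sshd[2301]: Failed password for alice from 198.51.100.20 port 51602 ssh2
"""

# Anchored at the start of the line so text inside a username cannot fake a new record.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize_failures(log_text):
    """Group failed sshd password attempts by source IP."""
    by_ip = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        rec = by_ip[m["ip"]]
        rec["count"] += 1
        rec["users"].add(m["user"])
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
    return dict(by_ip)

def abuse_report(log_text, min_attempts=3):
    """Return one summary line per IP with at least min_attempts failures."""
    lines = []
    for ip, rec in sorted(summarize_failures(log_text).items()):
        if rec["count"] >= min_attempts:
            lines.append(f"{ip}: {rec['count']} failed SSH logins, "
                         f"{rec['first']} to {rec['last']} (server local time), "
                         f"usernames tried: {', '.join(sorted(rec['users']))}")
    return lines

if __name__ == "__main__":
    print("\n".join(abuse_report(SAMPLE_LOG)))
```

The summary lines, together with the server's time zone, are the details an abuse or tech contact needs to match the attempts against their own logs.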

  6. #16
    Just Joined!
    Join Date
    Aug 2004
    Location
    Helderberg Mountains- Upstate NY
    Posts
    39
    Quote Originally Posted by bluefoxicy
    1. Make sure you have secure 8+ character passwords -- no words, no quotes from books, nothing about you. If you want, try pwgen --no-numerals and look for neat words (Like "LiQUooSH" and such); these are weaker, but they're at least random, and difficult for a little scriptkiddie to crack.
    The addition of a non-alpha, non-numeric character adds exponential combinations to a password. Interspersing characters like %, $, ^, + and so forth will foil a lot of effort by hackers, like this:

    windwood-
    password- w&i#n%d*w)o(o@d

    Even just adding one or two adds 1000s of combinations.


