  1. #1
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471

    Access attempts


    Hi, I'm using Slackware 10 and I was wondering if there is a way to disable remote access. I use it as a personal OS and there's really no need for it in my case. The reason I wish to disable it is because of the series of access attempts that have been made on this machine; luckily all have failed so far. Here is a small sample.

    Code:
    Jan 31 11:40:43 excaliber sshd[2375]: Failed password for illegal user web from 200.27.232.100 port 53241 ssh2
    Jan 31 11:40:45 excaliber sshd[2377]: Illegal user oracle from 200.27.232.100
    Jan 31 11:40:45 excaliber sshd[2377]: Failed password for illegal user oracle from 200.27.232.100 port 53347 ssh2
    Jan 31 11:40:47 excaliber sshd[2379]: Illegal user sybase from 200.27.232.100
    Jan 31 11:40:47 excaliber sshd[2379]: Failed password for illegal user sybase from 200.27.232.100 port 53608 ssh2
    Jan 31 11:40:49 excaliber sshd[2381]: Illegal user master from 200.27.232.100
    Jan 31 11:40:49 excaliber sshd[2381]: Failed password for illegal user master from 200.27.232.100 port 53745 ssh2
    Jan 31 11:40:51 excaliber sshd[2383]: Illegal user account from 200.27.232.100
    Jan 31 11:40:51 excaliber sshd[2383]: Failed password for illegal user account from 200.27.232.100 port 53910 ssh2
    Jan 31 11:40:53 excaliber sshd[2385]: Illegal user backup from 200.27.232.100
    Jan 31 11:40:53 excaliber sshd[2385]: Failed password for illegal user backup from 200.27.232.100 port 54186 ssh2
    Jan 31 11:40:54 excaliber sshd[2387]: Illegal user server from 200.27.232.100
    Jan 31 11:40:54 excaliber sshd[2387]: Failed password for illegal user server from 200.27.232.100 port 54301 ssh2
    Jan 31 11:40:56 excaliber sshd[2389]: Illegal user adam from 200.27.232.100
    Jan 31 11:40:56 excaliber sshd[2389]: Failed password for illegal user adam from 200.27.232.100 port 54568 ssh2
    Jan 31 11:40:58 excaliber sshd[2391]: Illegal user alan from 200.27.232.100
    Jan 31 11:40:58 excaliber sshd[2391]: Failed password for illegal user alan from 200.27.232.100 port 54707 ssh2
    Jan 31 11:41:00 excaliber sshd[2393]: Illegal user frank from 200.27.232.100
    Jan 31 11:41:02 excaliber sshd[2395]: Illegal user george from 200.27.232.100
    Jan 31 11:41:02 excaliber sshd[2395]: Failed password for illegal user george from 200.27.232.100 port 55131 ssh2
    Jan 31 11:41:04 excaliber sshd[2397]: Illegal user henry from 200.27.232.100
    Jan 31 11:41:04 excaliber sshd[2397]: Failed password for illegal user henry from 200.27.232.100 port 55192 ssh2
    Jan 31 11:41:11 excaliber sshd[2401]: Illegal user john from 200.27.232.100
    Jan 31 11:41:11 excaliber sshd[2401]: Failed password for illegal user john from 200.27.232.100 port 55812 ssh2
    Jan 31 11:41:13 excaliber sshd[2405]: Failed password for root from 200.27.232.100 port 56088 ssh2
    Jan 31 11:41:15 excaliber sshd[2407]: Failed password for root from 200.27.232.100 port 56194 ssh2
    Jan 31 11:41:17 excaliber sshd[2409]: Failed password for root from 200.27.232.100 port 56487 ssh2
    Jan 31 11:41:18 excaliber sshd[2411]: Failed password for root from 200.27.232.100 port 56614 ssh2
    Jan 31 11:41:20 excaliber sshd[2413]: Failed password for root from 200.27.232.100 port 56783 ssh2
    Jan 31 11:41:22 excaliber sshd[2415]: Illegal user test from 200.27.232.100
    Jan 31 11:41:22 excaliber sshd[2415]: Failed password for illegal user test from 200.27.232.100 port 57042 ssh2

    Any help on this matter would be greatly appreciated.
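
A way to summarise log lines like the sample in the post above, as an added example that is not part of the original thread: it counts failed sshd password attempts per source address, the distinct user names tried, and the tries against root. The lines in `sample_log`, the addresses in them, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise failed sshd password attempts.
# Reads syslog-style lines on stdin and prints, per source address:
#   <ip> <failures> <distinct_users> <root_tries>
summarise_ssh_failures() {
    awk '
    /sshd\[[0-9]+\]: Failed password for / && $(NF - 4) == "from" {
        # The remote side chooses the user name, so take fields from the END
        # of the line: "... <user> from <ip> port <n> ssh2".
        ip = $(NF - 3); user = $(NF - 5)
        fails[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        if (user == "root") roots[ip]++
    }
    END { for (ip in fails) print ip, fails[ip], users[ip], roots[ip] + 0 }
    ' | sort
}

# Print the addresses with at least $1 failed attempts (default 5).
noisy_ssh_sources() {
    summarise_ssh_failures | awk -v min="${1:-5}" '$2 >= min { print $1 }'
}

# Constructed sample input; the addresses are from documentation ranges.
sample_log() {
    cat <<'EOF'
Jan 31 11:40:45 host sshd[2377]: Illegal user oracle from 192.0.2.10
Jan 31 11:40:45 host sshd[2377]: Failed password for illegal user oracle from 192.0.2.10 port 53347 ssh2
Jan 31 11:40:47 host sshd[2379]: Failed password for illegal user sybase from 192.0.2.10 port 53608 ssh2
Jan 31 11:41:13 host sshd[2405]: Failed password for root from 192.0.2.10 port 56088 ssh2
Jan 31 11:41:15 host sshd[2407]: Failed password for root from 192.0.2.10 port 56194 ssh2
Jan 31 12:02:01 host sshd[2500]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan 31 12:02:09 host sshd[2502]: Accepted password for alice from 198.51.100.7 port 40002 ssh2
EOF
}

sample_log | summarise_ssh_failures
```

On a real system the input would be the file that holds sshd's messages, for example `summarise_ssh_failures < /var/log/messages`; the path depends on the syslog configuration.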

  2. #2
    Linux Newbie
    Join Date
    Sep 2003
    Location
    St.Charles, Missouri, USA
    Posts
    201
    A firewall would be a good idea. Failing that, kill sshd and stop it from starting when your computer boots up.
    Powered by Gentoo
    never ever ever use the hardened option in make.conf!

  3. #3
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058
    Try this in a shell:

    Code:
    su -
    <password>
    cd /etc/rc.d
    chmod -x rc.sshd

    That should do the trick.
    Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
    -- Linus Torvalds

  4. #4
    Linux Guru loft306's Avatar
    Join Date
    Oct 2003
    Location
    The DairyLand
    Posts
    1,666
    Hey, at least you are lucky that that is just a script kiddie running a script... I used to get that one run against me. Also, if you have an FTP server running, I would turn it off when you don't need it.

    Also, for future use, disable root login in the sshd and FTP server configs and that will cut the attempts by 90%... what's the fun of cracking a user (you can su - root after logging in as a user).

    Also limit the login time to 1 minute.
    Then from there you could use a key to log in instead of a passwd, and that is the most secure!
    ~Mike ~~~ Forum Rules
    Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
    http://loft306.org

  5. #5
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058
    Quote Originally Posted by loft306

    Also limit the login time to 1 minute.
    Then from there you could use a key to log in instead of a passwd, and that is the most secure!
    Can you give a little more info here? That sounds interesting and I have never heard of that?

  6. #6
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    Quote Originally Posted by adrenaline
    Try this in a shell:

    Code:
    su -
    <password>
    cd /etc/rc.d
    chmod -x rc.sshd

    That should do the trick.

    Thanks, that seems to have sorted it out; the logs haven't reported anything out of the ordinary since then.

  7. #7
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058
    Quote Originally Posted by Krendoshazin

    Thanks, that seems to have sorted it out; the logs haven't reported anything out of the ordinary since then.
    I'm glad that helped. Let me know if you need anything else.
    Mike

  8. #8
    Linux Guru loft306's Avatar
    Join Date
    Oct 2003
    Location
    The DairyLand
    Posts
    1,666
    Quote Originally Posted by adrenaline
    Quote Originally Posted by loft306

    Also limit the login time to 1 minute.
    Then from there you could use a key to log in instead of a passwd, and that is the most secure!
    Can you give a little more info here? That sounds interesting and I have never heard of that?
    Yeah, in /etc/ssh/sshd_config (in Gentoo; your config might be elsewhere):
    Code:
    LoginGraceTime 30s
    That is 1/2 a minute.
    ~Mike ~~~ Forum Rules
    Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
    http://loft306.org
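
A check for the settings suggested in posts #4 and #8 (no root login, keys instead of passwords, a short login grace time), as an added example that is not part of the original thread. The function names and both sample configurations are constructed; the check reads only the global section of the file and relies on sshd using the first occurrence of a keyword.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd_config for the thread's advice.
# sshd uses the FIRST occurrence of a keyword; keywords are case-insensitive.
sshd_setting() {    # usage: sshd_setting <file> <keyword>
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # comment line
        tolower($1) == "match" { exit }      # global section only
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Prints one finding per line; prints nothing when every check passes.
audit_sshd_config() {
    v=$(sshd_setting "$1" PermitRootLogin)
    [ "$v" = no ] || echo "PermitRootLogin is '${v:-unset}', want 'no'"
    v=$(sshd_setting "$1" PasswordAuthentication)
    [ "$v" = no ] || echo "PasswordAuthentication is '${v:-unset}', want 'no' with keys"
    v=$(sshd_setting "$1" LoginGraceTime)
    case $v in
        '') echo "LoginGraceTime is unset" ;;
        0|0[smhdw]) echo "LoginGraceTime '$v' disables the limit" ;;
        *[!0-9smhdw]*|[!0-9]*)
            echo "LoginGraceTime '$v' is not a whole number with an s/m/h/d/w unit" ;;
    esac
}

# Constructed sample configurations.
weak_config() {
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' 'LoginGraceTime 0'
}
hardened_config() {
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' 'LoginGraceTime 30s'
}

tmp=$(mktemp) && weak_config > "$tmp" && audit_sshd_config "$tmp"
rm -f "$tmp"
```

Set `PasswordAuthentication no` only after a key login has been confirmed to work, and restart sshd for any change to take effect.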

  9. #9
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    Quote Originally Posted by adrenaline
    I'm glad that helped. Let me know if you need anything else.
    Mike
    How would I stop sendmail from accepting connections? I can see it open on ports 25 and 587.

    PORT STATE SERVICE OWNER VERSION
    25/tcp open smtp 0 Sendmail 8.12.11/8.12.11
    37/tcp open time
    113/tcp open ident 99 OpenBSD identd
    587/tcp open smtp 0 Sendmail 8.12.11/8.12.11
    6000/tcp open X11 0 (access denied)

    What could I also do about the others while I'm at it, most importantly X11?

  10. #10
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058
    Quote Originally Posted by Krendoshazin
    Quote Originally Posted by adrenaline
    I'm glad that helped. Let me know if you need anything else.
    Mike
    How would I stop sendmail from accepting connections? I can see it open on ports 25 and 587.

    PORT STATE SERVICE OWNER VERSION
    25/tcp open smtp 0 Sendmail 8.12.11/8.12.11
    37/tcp open time
    113/tcp open ident 99 OpenBSD identd
    587/tcp open smtp 0 Sendmail 8.12.11/8.12.11
    6000/tcp open X11 0 (access denied)

    What could I also do about the others while I'm at it, most importantly X11?

    All you need to do to open ports and close ports is to start and stop services. This is a little different from distro to distro, but I will tell you in Red Hat.
    OK, if you don't want sendmail to run, open a term:
    Code:
    su -
    <password>
    cd /etc/rc3.d
    ls
    # Look for sendmail in this folder. It will look something like this:
    S80sendmail
    mv S80sendmail K80sendmail
    # If you boot graphically you will have to do the same exact thing in /etc/rc5.d
    # What you are doing is: if it is K, that means kill or don't start on boot, and if S, that means start on boot (get it)
    If you want to start a service, say vsftpd, you do the opposite:
    mv K35vsftpd S35vsftpd
    Then reboot and you have an FTP server, and if you do a netstat -pant you will see the port is open.

    This will close port 6000:
    Editing /etc/X11/xdm/Xservers and adding -nolisten tcp after X, and
    creating an alias in .bashrc: alias startx='startx -- -nolisten tcp'
    
    Mike
    Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
    -- Linus Torvalds
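
A follow-up check for the procedure in the post above, as an added example that is not part of the original thread: after stopping services, it lists the TCP ports that still accept connections from the network. It reads `netstat -tln` output on stdin; the function names and the sample output are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find listeners reachable from the network.
# Reads `netstat -tln` output on stdin; prints "<port> <address>" for every
# TCP listener that is not bound to loopback only.
exposed_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, part, ":")     # IPv6 addresses contain colons,
        port = part[n]               # so the port is the LAST piece
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next    # loopback only
        print port, addr
    }' | sort -n
}

# Print exposed ports that are missing from the space-separated allow list $1.
unexpected_ports() {
    exposed_listeners |
        awk -v allow=" $1 " 'index(allow, " " $1 " ") == 0 { print $1 }' |
        sort -n -u
}

# Constructed sample of `netstat -tln` output.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
EOF
}

# Ports the administrator intends to keep open; everything else is reported.
sample_netstat | unexpected_ports "22"
```

On the machine itself, run it as `netstat -tln | unexpected_ports ""` to report every port that is not loopback-only.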
