"William Mattison"
>> What's going on? How do I determine where they're coming from? Is
>> there really someone or something trying to hack in? If no, what
>> really is going on?

stan:
> I'd say someone is trying to target your system. I used to see a lot
> of this kind of thing, except it was targeted against known Windows
> exploits. I wonder if your windows installation was compromised, and
> they then found that you run linux, and are now trying to break into
> your linux box. Or they could just have searched for sshd responses,
> and then targeted them.

It's not necessarily a target on *you*, but very probably it's just targeting any computer that responds to them. Poke, get a response, keep prodding...

Years ago, when I was on dial-up, I'd notice a flurry of connection attempts any time I sent messages on mailing lists or usenet. It was simply internet bastards monitoring public posts and finding IPs in a header somewhere, thinking that it belongs to a computer that's probably still online, so it's worth probing.

Look at your email headers. Your IP is in there. Your username may be too, if your email account name is the same as your login. On a list like this one, you may have provided all sorts of details about your computer system that hackers would love, while you're discussing solving problems. I'm convinced that people who advise to turn off firewalls, etc., are actually miscreants trying to make it easy, not simply idiots spouting crap advice.

Later on, as the various internet bastards' habits have changed, I noticed that most of the poking away at my computer was just continual attempts to connect to any IP as they scanned through the ISP's IP range, and ports on the IPs (you'd see a repeating pattern, with a similar interval between scans). Basically, it's just a drive-by raid on everyone.

I don't see that, any more, as the computer is not directly connected to the internet, and probe attempts are failing to get through a router that isn't pestering me about all the failed attempts.

So run your firewalls, don't switch them off. There are usually some how-to guides, or preset options, to let it ignore unwanted outside connections. It's not *that* hard to do.

Run SELinux, don't switch it off, nor leave it in permissive mode where it doesn't actually take any security actions (it just logs attempts, and allows them to happen).

Turn off services you don't use. e.g. If you only have one computer, you don't need SSHD running. Never mind trying to modify its configuration, simply stop it from running, in the first place.

Configure the services you're concerned about, rather than hoping that a firewall will successfully get in the way. e.g. If you have computers on a LAN that SSH between themselves, but you never SSH in from the outside world, then configure your SSH daemon accordingly.

If you really have trouble trying to manage your computer security, you can take the easy option: Put a router between the internet and your computer. They have firewalls with one-click enable controls. Even without a firewall, most outside connection attempts would fail simply because the router would be ignoring external traffic that's not related to internal traffic.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64

(always current details of the computer that I'm writing this email on)

Boilerplate: All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I only get to see the messages posted to the mailing list.

Damn, I didn't mean to press *that* button!
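
One way to answer the question of where the attempts come from, and to see the evenly spaced probing described in the reply above: this added example (not part of the original e-mail) tallies failed sshd logins per source address and the typical gap between them. The log lines are constructed in the usual sshd syslog format with documentation-range addresses, the year is assumed because syslog timestamps omit it, and the three-attempt threshold is an arbitrary assumption.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample lines in the usual sshd syslog format (not from the thread).
SAMPLE_LOG = """\
Jul 20 03:10:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jul 20 03:10:31 host sshd[2104]: Failed password for root from 203.0.113.7 port 40130 ssh2
Jul 20 03:11:01 host sshd[2109]: Failed password for invalid user test from 203.0.113.7 port 40155 ssh2
Jul 20 03:11:31 host sshd[2113]: Failed password for root from 203.0.113.7 port 40171 ssh2
Jul 20 03:12:40 host sshd[2120]: Accepted password for alice from 192.168.1.20 port 51514 ssh2
Jul 20 05:45:09 host sshd[2240]: Failed password for invalid user oracle from 198.51.100.23 port 33810 ssh2
Jul 20 05:45:12 host sshd[2242]: Failed password for invalid user oracle from 198.51.100.23 port 33822 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize(log_text, year=2013):
    """Per source IP: failed attempts, usernames tried, median gap in seconds."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["ip"]].append((ts, m["user"]))
    report = {}
    for ip, events in hits.items():
        times = sorted(t for t, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[ip] = {
            "attempts": len(events),
            "users": sorted({u for _, u in events}),
            "median_gap_s": median(gaps) if gaps else None,
        }
    return report

def likely_scanners(report, min_attempts=3):
    """Sources with several failures, busiest first (threshold is an assumption)."""
    busy = [ip for ip, r in report.items() if r["attempts"] >= min_attempts]
    return sorted(busy, key=lambda ip: -report[ip]["attempts"])

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG).items():
        print(ip, row)
```

A steady median gap together with a rotating list of usernames from one address is the scripted drive-by pattern; the same function can be pointed at the text of the system's own sshd authentication log.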