Break-in via ssh - Identifying intruders
Hi, I administer the computer network for the school where I work. It has been possible to connect to the network from the internet for some weeks now. Of course I get a lot of break-in attempts. Today I discovered a break-in attempt with variations of possible usernames for myself. I have the IP address of the computer, of course, but it has already expired. Is there any way to find out whether the same computer has already made another attempt to break the system? I am thinking of a unique key, perhaps, that is transmitted to my ssh server on login or something else? I can't find useful information in auth.log so far.
Identifying intruders
Identifying any particular machine (or even people) usually involves the cooperation of sysadmins of other systems and ISPs. It would help if you wrote a script to catch appropriate patterns from your ssh or auth log and automatically gather information on the IP number. Generally you would figure out what ISP it was, communicate with the admins, and they also need to do some work to help find out who the culprits are (and whether they are a victim of malware or else the principal criminal). So far the only proposals which would help identify individual machines more easily will (a) waste a lot of bandwidth transmitting information about the machine and (b) be considered too 'intrusive' to be implemented in many countries and in the end you have the same problem - are these people criminals or also victims?
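A sketch of the kind of log script suggested in the reply above, as an added example that is not part of the original posts: it groups failed sshd password attempts by source IP and records the usernames tried and the first and last time each address was seen. The sample log lines, host name and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format used by /var/log/auth.log.
SAMPLE_LOG = """\
Mar 13 02:14:07 gate sshd[4121]: Failed password for invalid user jsmith from 203.0.113.45 port 40112 ssh2
Mar 13 02:14:11 gate sshd[4123]: Failed password for invalid user j.smith from 203.0.113.45 port 40130 ssh2
Mar 13 09:30:02 gate sshd[5010]: Accepted password for teacher from 192.0.2.10 port 51000 ssh2
Mar 15 23:50:41 gate sshd[7719]: Failed password for root from 198.51.100.7 port 33211 ssh2
Mar 19 01:02:33 gate sshd[9920]: Failed password for invalid user john.smith from 203.0.113.45 port 58801 ssh2
Mar 19 01:02:40 gate sshd[9921]: Failed password for invalid user x from 10.0.0.1 port 1 ssh2 from 203.0.113.45 port 58802 ssh2
"""

# The username is chosen by the remote client, so it may itself contain
# " from <ip> port <n> ssh2". The greedy (.*) plus the end anchor makes the
# regex take the LAST " from ... port ... ssh2", which is the part sshd wrote.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def summarize(lines):
    """Group failed sshd password attempts by source IP."""
    hosts = defaultdict(
        lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m:
            continue  # accepted logins, other daemons, other sshd messages
        h = hosts[m["ip"]]
        h["count"] += 1
        h["users"].add(m["user"])
        h["first"] = h["first"] or m["ts"]  # logs are in chronological order
        h["last"] = m["ts"]
    return dict(hosts)

def repeat_offenders(hosts, min_attempts=3):
    """Source IPs with at least min_attempts failures, busiest first."""
    hits = [ip for ip, h in hosts.items() if h["count"] >= min_attempts]
    return sorted(hits, key=lambda ip: -hosts[ip]["count"])

if __name__ == "__main__":
    hosts = summarize(SAMPLE_LOG.splitlines())
    for ip in repeat_offenders(hosts, min_attempts=1):
        h = hosts[ip]
        print(ip, h["count"], h["first"], "->", h["last"], sorted(h["users"]))
```

To look further back than the current file, feed it the rotated logs as well (auth.log.1 and the older compressed ones) in oldest-first order so the first and last timestamps stay meaningful.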
Finding the person behind an ip-address
Thanks, I feared as much. It is not worth such a bother and I don't think the sysadmins of the internet provider would be so cooperative as no damage has been done.
It is more a matter of showing the pupils of my school that I am not stupid. You know, most teenagers think they are perfect with the PC and everyone above the age of 20 must be stupid.