[Zeffie-Users] (raq4) hack attempt

Davis davis at maxximum.dns2go.com
Thu Apr 21 13:19:47 EDT 2005


Actually, I don't have a firewall on the Raq 4R. On the Raq 550, I have a 
firewall.

I use 2 firewalls in Bastion. One with IPCOP (www.ipcop.org) and a Symantec 
Security Gateway 320 box.

And on PHP sites, I use protector.

Got hacked before, so now I am going paranoid and I am protecting everything 
with firewall, IDS, IPS, log analysis, etc.

d


----- Original Message ----- 
From: "Arthur Sherman" <cobalt-list at compros.co.il>
To: "'Davis'" <davis at maxximum.dns2go.com>; "'Zeffie.net Users List'" 
<Zeffie-Users at zeffie.net>
Sent: Thursday, April 21, 2005 6:43 PM
Subject: RE: [Zeffie-Users] (raq4) hack attempt


> What kind of a firewall do you implement on your system?
>
> Assuming my native RaQ4r running on
> http://cdr.raq4less.com/RaQ4r-040317.iso, what would you use?
>
> Best,
>
> --
> Arthur Sherman
>
> ComPros Team
> +972-52-4689432
>
>
>
>> -----Original Message-----
>> From: Zeffie-Users-bounces at zeffie.net
>> [mailto:Zeffie-Users-bounces at zeffie.net] On Behalf Of Davis
>> Sent: Thursday, April 21, 2005 7:40 AM
>> To: Zeffie.net Users List
>> Subject: Re: [Zeffie-Users] (raq4) hack attempt
>>
>> I already blocked this script kiddie... actually I blocked the
>> whole range on the firewall:
>>
>> Looking up 221.242.57.202...
>> Using whois server whois.arin.net.
>>
>> OrgName:    Asia Pacific Network Information Centre
>> OrgID:      APNIC
>> Address:    PO Box 2131
>> City:       Milton
>> StateProv:  QLD
>> PostalCode: 4064
>> Country:    AU
>>
>> ReferralServer: whois://whois.apnic.net
>>
>> NetRange:   221.0.0.0 - 221.255.255.255
>>
>>
>> ----- Original Message -----
>> From: "Arthur Sherman" <cobalt-list at compros.co.il>
>> To: "'Cobalt Users'" <cobalt-users at lists.qbalt.com>; "Zeffie-Users"
>> <Zeffie-Users at zeffie.net>
>> Sent: Thursday, April 21, 2005 5:01 AM
>> Subject: [Zeffie-Users] (raq4) hack attempt
>>
>>
>> >
>> > Hi,
>> >
>> > How are you doing?
>> >
>> >
>> > I have mentioned this in auth log:
>> >
>> > ---start---
>> > [root spamassassin]# tail -n 50 /var/log/auth
>> > Apr 20 20:14:05 baby sshd[18765]: error: Could not get shadow information for NOUSER
>> > Apr 20 20:14:05 baby sshd[18765]: Failed password for illegal user backup from 221.242.57.202 port 55826 ssh2
>> > Apr 20 20:14:08 baby sshd[18767]: Illegal user server from 221.242.57.202
>> > Apr 20 20:14:08 baby sshd[18767]: error: Could not get shadow information for NOUSER
>> > Apr 20 20:14:08 baby sshd[18767]: Failed password for illegal user server from 221.242.57.202 port 55901 ssh2
>> > Apr 20 20:14:11 baby sshd[18769]: Illegal user adam from 221.242.57.202
>> > Apr 20 20:14:11 baby sshd[18769]: error: Could not get shadow information for NOUSER
>> > Apr 20 20:14:11 baby sshd[18769]: Failed password for illegal user adam from 221.242.57.202 port 55966 ssh2
>> > Apr 20 20:14:15 baby sshd[18771]: Illegal user alan from 221.242.57.202
>> > Apr 20 20:14:15 baby sshd[18771]: error: Could not get shadow information for NOUSER
>> > Apr 20 20:14:15 baby sshd[18771]: Failed password for illegal user alan from 221.242.57.202 port 56060 ssh2
>> > Apr 20 20:14:18 baby sshd[18773]: Illegal user frank from 221.242.57.202
>> > Apr 20 20:14:18 baby sshd[18773]: error: Could not get shadow information for NOUSER
>> > Apr 20 20:14:18 baby sshd[18773]: Failed password for illegal user frank from 221.242.57.202 port 56142 ssh2
>> > Apr 20 20:14:21 baby sshd[18777]: Illegal user george from 221.242.57.202
>> > Apr 20 20:14:21 baby sshd[18777]: error: Could not get shadow information for NOUSER
>> > Apr 20 20:14:21 baby sshd[18777]: Failed password for illegal user george from 221.242.57.202 port 56211 ssh2
>> > ---end---
>> >
>> > Some potz from Japan is probing my server.
>> > How could I make my server block that IP for an hour/day?
>> >
>> > Best,
>> >
>> > --
>> > Arthur Sherman
>> >
>> > ComPros Team
>> > +972-52-4689432
>> >
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > Zeffie-Users mailing list
>> > Zeffie-Users at zeffie.net
>> > http://zeffie.net/mailman/listinfo/zeffie-users_zeffie.net
>> >
>>
>>
>>
>> -----------------------------------------------------------------------
>> This mail has been checked and is virus free.
>>
>
>
>
> 



-----------------------------------------------------------------------
This mail has been checked and is virus free.
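
One way to approach the question raised in this thread (blocking a source for an hour after repeated failed SSH logins), as an added example that is not part of the original messages. It parses the sshd lines quoted above, counts failures per source IP in a sliding window, and returns when each block starts and expires. The function name, threshold, window, year and the 192.0.2.10 line are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure lines for unknown ("illegal"/"invalid") and existing users.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def find_blocks(lines, threshold=5, window=timedelta(minutes=1),
                block_for=timedelta(hours=1), year=2005):
    """Return {ip: (blocked_at, expires_at)} for sources reaching `threshold`
    failures within `window`. Syslog omits the year, so it is passed in."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    blocks = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                 # not a failed-password line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in blocks and ts < blocks[ip][1]:
            continue                 # source is already blocked at this time
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()              # drop failures older than the window
        if len(q) >= threshold:
            blocks[ip] = (ts, ts + block_for)
            q.clear()
    return blocks

# Lines from the log quoted in the thread, plus one constructed line
# (192.0.2.10, a documentation address) that stays below the threshold.
SAMPLE = """\
Apr 20 20:14:05 baby sshd[18765]: error: Could not get shadow information for NOUSER
Apr 20 20:14:05 baby sshd[18765]: Failed password for illegal user backup from 221.242.57.202 port 55826 ssh2
Apr 20 20:14:08 baby sshd[18767]: Failed password for illegal user server from 221.242.57.202 port 55901 ssh2
Apr 20 20:14:11 baby sshd[18769]: Failed password for illegal user adam from 221.242.57.202 port 55966 ssh2
Apr 20 20:14:15 baby sshd[18771]: Failed password for illegal user alan from 221.242.57.202 port 56060 ssh2
Apr 20 20:14:18 baby sshd[18773]: Failed password for illegal user frank from 221.242.57.202 port 56142 ssh2
Apr 20 20:14:21 baby sshd[18777]: Failed password for illegal user george from 221.242.57.202 port 56211 ssh2
Apr 20 20:14:30 baby sshd[18801]: Failed password for root from 192.0.2.10 port 40022 ssh2
"""

if __name__ == "__main__":
    for ip, (start, end) in find_blocks(SAMPLE.splitlines()).items():
        print(f"block {ip} from {start} until {end}")
```

The returned expiry times can drive whatever packet filter the host uses; a periodic job would add a rule at `blocked_at` and remove it at `expires_at`.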




