Web intrusions

We have acquired two Linux servers, one maintained by an outside provider, one built by me. I also built a White Box Linux to screw around with. I’m surprised upon examining the log to see the attempted logins. Thirty or so using simple user names “Bob”, “Sally”, “Dog”, etc. from the same IP address.

Are those generated by a virus or a user? Are they faking the IP address or are they really in Korea?

Yeah, I know I need a firewall.

Thanks

CP

I’d bet on a would-be hacker. I forget exactly who reported this - might have been Symantec’s SARC group - but on average, a computer is probed or attacked within 17 **seconds** of being put online with a fresh IP. Credit this to the scanning tools that ping every IP in a selected range sequentially.

As for their exact location, Korea’s certainly likely, but they could just as easily be using an anonymizer and routing through Korea.
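
A log check for the pattern described in the question (many simple user names tried from one address), as an added example that is not part of either post. It assumes the attempts were logged by OpenSSH's sshd in its usual syslog format; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (assumed service; the
# thread does not say which daemon logged the attempts). Addresses come from
# the reserved documentation ranges.
SAMPLE_LOG = """\
Mar  3 04:12:01 host sshd[2101]: Failed password for invalid user bob from 203.0.113.7 port 40112 ssh2
Mar  3 04:12:03 host sshd[2103]: Failed password for invalid user sally from 203.0.113.7 port 40120 ssh2
Mar  3 04:12:05 host sshd[2105]: Failed password for invalid user dog from 203.0.113.7 port 40131 ssh2
Mar  3 04:12:07 host sshd[2107]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar  3 09:30:44 host sshd[2290]: Failed password for cp from 198.51.100.20 port 51522 ssh2
Mar  3 09:30:52 host sshd[2290]: Accepted password for cp from 198.51.100.20 port 51522 ssh2
"""

# "invalid user" appears when the account does not exist on the host.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize_failures(log_text):
    """Return {ip: {"attempts": int, "users": set}} for failed logins."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = stats[m.group("ip")]
            entry["attempts"] += 1
            entry["users"].add(m.group("user").lower())
    return dict(stats)

def username_guessers(log_text, min_users=3):
    """IPs that failed against at least min_users distinct account names.

    Many different names from one address is the signature of a scripted
    dictionary run; a real user mistyping a password repeats one name.
    """
    stats = summarize_failures(log_text)
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_users)

if __name__ == "__main__":
    for ip in username_guessers(SAMPLE_LOG):
        s = summarize_failures(SAMPLE_LOG)[ip]
        print(f"{ip}: {s['attempts']} failures, users tried: {sorted(s['users'])}")
```
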