Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 28 November 2024, 01:56:11 am

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Are we being attacked?
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Are we being attacked?  (Read 7693 times)
richardfisher
Jr. Member
*
Offline Offline

Posts: 1


« on: Tuesday 29 May 2012, 06:33:27 am »

We have been using 2.5.1 for a while now in 7 locations. One of our locations has just started emailing me warnings about root login failures through ssh from ip ;::ffff:1 nnn.nnn.nnn.nnn

There have been 4 of these "attacks in the last three days from 4 different ip addresses (2 in the States, 1 in England and 1 in Singapore). The location being "attacked" is where our Exchange Server is located but this doesn't look like spammers etc. more like attempted hacking. However the email could have led the attackers to the external ip of the firewall?

I am looking for advice, things to check etc. Fortunately I think we have a good password policy in effect which is helping protect us. Also - the number of attempts has dropped each time - first was about 384 over a 10 minute period but the most recent was only 20 attempts in 10 minutes. Hope this is a good sign and not a bad omen!

Thanks all.
Look forward to reading your posts!
Logged
martman22
Full Member
***
Offline Offline

Posts: 27


« Reply #1 on: Wednesday 30 May 2012, 01:00:11 am »

You may want to look at using Ossec on your remote sites. It will monitor such attacks and even block these attacks for whatever duration you set. It will also email you when attacks occur.  I uploaded an agent in the customization section of this forum which will work on Endian 2.5.1 but you will need to install the management portion on a separate server which you can download from their main site. Just do a search on it.

You can also compile it yourself if you install the development software on a spare endian box if you don't want to use the agent version of the software.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com