02-14-2011 02:00 PM
HPUX 11.31 hacking issue
HPUX 11.31 connected through gateway and firewall to internet with ssh on firewall disabled, but we still get the following in the syslog.log file.
Feb 9 20:42:19 ecorapr1 sshd[25149]: gethostbyaddr: mail.greg.com. != 93.186.118.171
Feb 9 20:42:19 ecorapr1 sshd[25149]: Invalid user ____ from 93.186.118.171
Feb 9 20:42:19 ecorapr1 sshd[25149]: gethostbyaddr: mail.greg.com. != 93.186.118.171
Feb 9 20:42:21 ecorapr1 sshd[25149]: Failed password for invalid user ____ from 93.186.118.171 port 34685 ssh2
Feb 9 20:42:22 ecorapr1 sshd[25143]: Failed password for root from 218.14.203.206 port 58366 ssh2
Feb 9 20:42:22 ecorapr1 sshd[25184]: SSH: Server;Ltype: Version;Remote: 93.186.118.171-36940;Protocol: 2.0;Client: libssh-0.2
Feb 9 20:42:23 ecorapr1 sshd[25184]: gethostbyaddr: mail.greg.com. != 93.186.118.171
Feb 9 20:42:23 ecorapr1 sshd[25191]: SSH: Server;Ltype: Version;Remote: 218.14.203.206-59986;Protocol: 2.0;Client: libssh-0.1
Feb 9 20:42:25 ecorapr1 sshd[25184]: Failed password for root from 93.186.118.171 port 36940 ssh2
Feb 9 20:42:23 ecorapr1 sshd[25184]: gethostbyaddr: mail.greg.com. != 93.186.118.171
Feb 9 20:42:26 ecorapr1 sshd[25246]: SSH: Server;Ltype: Version;Remote: 93.186.118.171-39429;Protocol: 2.0;Client: libssh-0.2
Feb 9 20:42:27 ecorapr1 sshd[25246]: gethostbyaddr: mail.greg.com. != 93.186.118.171
Feb 9 20:42:28 ecorapr1 sshd[25191]: Failed password for root from 218.14.203.206 port 59986 ssh2
Feb 9 20:42:29 ecorapr1 sshd[25246]: Failed password for root from 93.186.118.171 port 39429 ssh2
Feb 9 20:42:27 ecorapr1 sshd[25246]: gethostbyaddr: mail.greg.com. != 93.186.118.171
Feb 9 20:42:30 ecorapr1 sshd[25280]: SSH: Server;Ltype: Version;Remote: 93.186.118.171-41937;Protocol: 2.0;Client: libssh-0.2
Feb 9 20:42:31 ecorapr1 sshd[25280]: gethostbyaddr: mail.greg.com. != 93.186.118.171
Feb 9 20:42:33 ecorapr1 sshd[25301]: SSH: Server;Ltype: Version;Remote: 218.14.203.206-62367;Protocol: 2.0;Client: libssh-0.1
Feb 9 20:42:33 ecorapr1 sshd[25280]: Failed password for root from 93.186.118.171 port 41937 ssh2
Feb 9 20:42:31 ecorapr1 sshd[25280]: gethostbyaddr: mail.greg.com. != 93.186.118.171
Feb 9 20:42:34 ecorapr1 sshd[25322]: SSH: Server;Ltype: Version;Remote: 93.186.118.171-44342;Protocol: 2.0;Client: libssh-0.2
Feb 9 20:42:36 ecorapr1 sshd[25322]: gethostbyaddr: mail.greg.com. != 93.186.118.171
Feb 9 20:42:37 ecorapr1 sshd[25301]: Failed password for root from 218.14.203.206 port 62367 ssh2
Feb 9 20:42:38 ecorapr1 sshd[25322]: Failed password for root from 93.186.118.171 port 44342 ssh2
Feb 9 20:42:36 ecorapr1 sshd[25322]: gethostbyaddr: mail.greg.com. != 93.186.118.171
Feb 9 20:42:39 ecorapr1 sshd[25382]: SSH: Server;Ltype: Version;Remote: 218.14.203.206-63761;Protocol: 2.0;Client: libssh-0.1
Feb 9 20:42:43 ecorapr1 sshd[25382]: Failed password for root from 218.14.203.206 port 63761 ssh2
Feb 9 20:42:45 ecorapr1 sshd[25440]: SSH: Server;Ltype: Version;Remote: 218.14.203.206-1150;Protocol: 2.0;Client: libssh-0.1
Feb 9 20:42:49 ecorapr1 sshd[25440]: Failed password for root from 218.14.203.206 port 1150 ssh2
Feb 9 20:42:51 ecorapr1 sshd[25487]: SSH: Server;Ltype: Version;Remote: 218.14.203.206-2372;Protocol: 2.0;Client: libssh-0.1
Feb 9 20:42:55 ecorapr1 sshd[25487]: Failed password for root from 218.14.203.206 port 2372 ssh2
It seems we are being hit with an ssh generator.
How can I make this stop?
02-14-2011 02:39 PM
Re: HPUX 11.31 hacking issue
02-14-2011 02:40 PM
Re: HPUX 11.31 hacking issue
Create a route on the fw or server to route this address to 127.0.0.1.
It will create a black hole for that IP... poof, your server is invisible.
02-14-2011 02:47 PM
Re: HPUX 11.31 hacking issue
02-14-2011 02:52 PM
Re: HPUX 11.31 hacking issue
02-14-2011 04:12 PM
Re: HPUX 11.31 hacking issue
Are you sure ssh is disabled? I'd speak with my networks/firewall people about this.
If you really need ssh from the Internet then you should consider writing a script to monitor this type of activity and block any suspect IP addresses using IPFilter (it's free from http://software.hp.com). We have implemented such a scheme and it works quite well. We block the IP addresses for thirty minutes... which allows legitimate users who may have forgotten their passwords to try again later.
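One way to write the kind of monitoring script the post above describes, added here as an example and not the poster's own script: it counts `Failed password` lines per source address in the syslog format shown in this thread and prints IPFilter block rules for sources at or over a threshold. The function names, the threshold, the allow list, port 22 and the sample log (documentation-range addresses) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in the syslog format shown in this thread; the addresses
# come from the documentation ranges, not from the original post.
SAMPLE_LOG='Feb 9 20:42:19 host1 sshd[101]: Invalid user test from 192.0.2.10
Feb 9 20:42:21 host1 sshd[101]: Failed password for invalid user test from 192.0.2.10 port 34685 ssh2
Feb 9 20:42:22 host1 sshd[102]: Failed password for root from 198.51.100.7 port 58366 ssh2
Feb 9 20:42:25 host1 sshd[103]: Failed password for root from 192.0.2.10 port 36940 ssh2
Feb 9 20:42:28 host1 sshd[104]: Failed password for root from 198.51.100.7 port 59986 ssh2
Feb 9 20:42:29 host1 sshd[105]: Failed password for root from 192.0.2.10 port 39429 ssh2
Feb 9 20:42:30 host1 sshd[106]: Failed password for invalid user from 203.0.113.9 port 1 ssh2 from 192.0.2.10 port 41937 ssh2
Feb 9 20:42:40 host1 sshd[107]: Failed password for admin from 203.0.113.5 port 40000 ssh2'

# failed_sources MIN < log
# Prints "count address" for each source with at least MIN failed passwords.
failed_sources() {
    awk -v min="$1" '
        # Match on field positions: the client controls the user name, so a
        # name containing "from <address>" must not be mistaken for the source.
        NF >= 14 && $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" &&
        $7 == "password" && $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$(NF-3)]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# ipf_block_rules MIN [ALLOWED_ADDRESS...] < log
# Prints one IPFilter rule per offending source, skipping allow-listed
# addresses (for example the admin workstation). Port 22 is assumed.
ipf_block_rules() {
    min=$1; shift
    allow=" $* "
    failed_sources "$min" | while read -r count ip; do
        case "$allow" in *" $ip "*) continue ;; esac
        echo "block in quick proto tcp from $ip/32 to any port = 22"
    done
}

# Demo on the constructed sample: only 192.0.2.10 reaches three failures.
printf '%s\n' "$SAMPLE_LOG" | ipf_block_rules 3
```

The printed rules can be saved to a file and loaded with `ipf -f <file>`; running the same file through `ipf -r -f <file>` removes them again, which is how a timed unblock such as the thirty minutes mentioned above can be scheduled.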
12-08-2011 03:30 AM
Re: HPUX 11.31 hacking issue
How do I change the default ssh port to something else? I have put an entry in /etc/services, ssh 2022/tcp, but still cannot log in. The firewall now allows port 2022 to this server, but I cannot log in.
12-09-2011 06:11 AM
Re: HPUX 11.31 hacking issue
sshd does not use /etc/services to determine which port it listens on.
(Only the services configured via /etc/inetd.conf using service names, and some other applications that use getservbyname() system calls, use /etc/services for port assignment.)
By default, /opt/ssh/etc/sshd_config has a line:
Port 22
If you want sshd to listen on port 2022, you should change it to:
Port 2022
...and then restart sshd:
sh /sbin/init.d/secsh stop
sh /sbin/init.d/secsh start