Best way, as in most definite: turn of your telnet server - comment out
the appropriate line in /etc/inetd.conf, then killall -HUP inetd
Then use SSH for your own connections.
Nobody will be able to get in via your telnet daemon if it isn't
running... but these folks will probably just go after other services
after that (pop imap ssh ftp dns, whatever).
Keep track of the IPs they're using - they may just be coming from an
ISP's dialup pool, or from two or three such pools, coordinating via IRC.
Block those ISPs netblocks via hosts.deny or null routing or firewalling.
On Mon, 17 Jan 2000, William B. Herman wrote:
> It seems that I have people who are trying to telnet into my machine. They
> seem to be either changing their ISP or spoofing their IP address. There is
> no reason these addresses should be telneting into our machine. My guess is
> they are trying brute force to gain access. What is the best way to protect
> our system against such an attack?
>
> -Bill Herman
> Technology Chairman
> Pi Kappa Alpha - Gamma Tau Chapter
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
>
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
>
---------------------------------------------------------------------------
Assume just 4 million businesses on the Internet today...
If 1% of them sent you one piece of junk email per year,
you'd still have to wade through over 100 messages per day.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
