[lug] Should I worry about: attempted hacks on boxes?

Eric Peers eric_peers at yahoo.com
Sun Jul 6 13:30:56 MDT 2003

I've got a box on the web which is not publicly
advertised at this point. But it looks like folks are
trying to hack it. I've seen weird http requests (code
red), and attempted logins for ssh. Is there anything
I should do besides for read my logs periodically for
this sort of activity? Is there a good toolkit that
checksums major binaries to see if a system has been

Do these look enough like attempted hacks? I've
obviously turned off root logins to my box and
disabled most other ports (ftp, telnet).

[log]# more secure.1
Jul  1 03:57:06 iceaxe sshd[642]: Did not receive
identification string from
Jul  1 04:00:24 iceaxe sshd[654]: Did not receive
identification string from
Jul  3 22:01:15 iceaxe sshd[13243]: Did not receive
identification string from

the first logins are from a machine in poland. The 2nd
is from somewhere in china? Me & my girlfriend are the
only ones logging into the box right now, and I know
we're not in china or poland. Should I worry about


Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!

More information about the LUG mailing list