Mea Vita: Carpe Diem: What is the deal with Asian hacking?

The hardware firewall on my mother's network was having a problem so I had her plug her computer straight into the cable modem. I realized that this isn't the best idea, but it's a Mac, so the only way someone could get in is if they guessed her username and password which were both strong.

However, I was alarmed when I took a peek at her security logs (/var/log/secure.log) to see so many attacks over SSH - primarily from from Asia (China, Korea, and India). Here's a small sample:


Nov 10 13:57:27 MacBook-Pro sshd[11704]: Invalid user admin from 208.51.155.141
Nov 10 13:57:28 MacBook-Pro sshd[11706]: Invalid user test from 208.51.155.141
Nov 10 13:57:29 MacBook-Pro sshd[11708]: Invalid user imaging from 208.51.155.141
Nov 10 13:57:31 MacBook-Pro sshd[11710]: Invalid user oracle from 208.51.155.141
Nov 10 19:20:41 MacBook-Pro sshd[12097]: Invalid user test from 218.1.65.233
Nov 10 19:20:45 MacBook-Pro sshd[12099]: Invalid user guest from 218.1.65.233
Nov 10 19:20:49 MacBook-Pro sshd[12101]: Invalid user admin from 218.1.65.233
Nov 10 19:20:53 MacBook-Pro sshd[12103]: Invalid user admin from 218.1.65.233
Nov 10 19:20:57 MacBook-Pro sshd[12105]: Invalid user user from 218.1.65.233
Nov 10 19:21:13 MacBook-Pro sshd[12116]: Invalid user test from 218.1.65.233
Nov 10 20:23:04 MacBook-Pro sshd[12152]: Invalid user apple from 125.16.216.69
Nov 10 20:23:09 MacBook-Pro sshd[12157]: Invalid user brian from 125.16.216.69
Nov 10 20:23:15 MacBook-Pro sshd[12162]: Invalid user andrew from 125.16.216.69
Nov 10 20:23:20 MacBook-Pro sshd[12167]: Invalid user newsroom from 125.16.216.69

Each attack would last between five and 20 minutes and they'd all go for the low hanging fruit such as common usernames and passwords. One solution is to simply change the SSH port from 22 to an obscure port.

I'll be keeping a close eye on those logs.

Mea Vita: Carpe Diem

Sunday, November 11, 2007

What is the deal with Asian hacking?

No comments:

Post a Comment