[NCLUG] Securing ftpd

Michael Dwyer mdwyer at sixthdimension.com
Tue Mar 20 13:06:07 MST 2001


> On one machine, I can't use ssh because most of the clients are Windows
> (unless there is a way for Windows clients to use ssh; I'm not aware of
> one).

There /are/ Windows ports of SSH/SCP but they are usually console-only
apps.  Windows users typically shudder at the thought of trying to find
a file and send it using a command prompt.
If your users are enlightened, you might look into PuTTY, or Cygwin.  I
believe they both provide SCP.  If not, you can always shell out the
money to F-Secure...
I think you can find suggestions at http://www.openssh.com/windows.html

> Second: My security logs show the same hacker trying to get into two
> different machines on completely different networks.  The only thing
> relating these two machines is a nightly rsync using ssh.  How would the
> hacker know about this?

(mdwyer's ears perk up) Really? Cool!

To answer the question, the hacker could be upstream of you, and
watching your SSH packets go by.  The hacker could already be on
your system, and have checked the crontabs to see that rsync runs nightly.
Lastly, the hacker could have used an automated scan that happened
across both of them, and he isn't actually aware of the connection
between the two.

What do your security logs show?  What kind of attack is this?
