Kurt McKee

lessons learned in production

Hey there! This article was written in 2005.

It might not have aged well for any number of reasons, so keep that in mind when reading (or clicking outgoing links!).

I hate script kiddies!

Posted 20 May 2005 in technology

Unbelievable. Allan Tokuda pointed out that there exists a file under Linux that keeps track of all kinds of system events. I finally checked mine today. Wow. There's some pretty crazy stuff that silently happens to my computer.

I ran a few commands and picked out the most interesting information to me: the number of hacking attempts that failed. Here's a few of the commands I ran and the output (the output is in bold):

$ grep "Invalid user" messages | wc -l
7827

$ grep "Invalid user" messages | column -t | colrm 1 83 | sort | uniq | wc -l
57

The first command just picks out all of the failed login attempts, based on the fact that the username being used didn't exist. For instance, the user "anisoara" doesn't exist on my computer, so there's a line in the file that basically says "The invalid user anisoara attempted to login".

The second command also selects all of the failed login attempts, but then counts all of the unique IP addresses from which the login attempts originated.

What this tells me is that just under 60 IP addresses have tried to guess their way into my computer almost 8000 times. Remember that it's 60 different IP addresses, which is not necessarily the same thing as 60 different computers.

The take-home message for everyone out there is this: use strong passwords. As an example, my password at the Health Service is over 60 characters long (it's the lyrics to a song). Also, keep your computer's software properly patched and updated. If you're on Windows, visit Windows Update regularly, and keep the rest of your software (Firefox, Thunderbird, and Gaim, for instance) fully patched. If you want any advice or suggestions, let me know -- I'll be glad to help work to make your computer more secure. Good luck!