I am running Fedora Core1 and had an interesting attack show up in my logs.

Someone tried to ssh running through the entire list of users.

My question is how did they get that list of valid users?  There is no
evidence of simply trying random users - they knew every user.

Is there something in Linux that would return a request for every user name?

Is there something I should have turned off so that cannot happen again?

I blocked their IP address in IPTables but they can find a way around that.
And I would like to block anyone from trying something similar.

Any suggestions would be greatly appreciated.

Thanks All,

Doug


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list