Some body tried to intrude my linux machine, what should I do?

Hi linux guru,

Somebody tried to intrude my linux machine.
What should I do?

I saw in the log file indicating
"check pass; user unknown".

Is it dangerous for my machine now?
How to trace the intruder back?
Is there some good intruder detection package
for linux?

Thank you,

py


log message:

Sep 22 16:11:42 aphrodite sshd(pam_unix)[9103]: authentication
failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=217.119.113.247
Sep 22 16:11:49 aphrodite sshd(pam_unix)[9107]: check pass; user
unknown
Sep 22 16:11:49 aphrodite sshd(pam_unix)[9107]: authentication
failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=217.119.113.247
Sep 22 16:11:56 aphrodite sshd(pam_unix)[9109]: check pass; user
unknown
Sep 22 16:11:56 aphrodite sshd(pam_unix)[9109]: authentication
failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=217.119.113.247
Sep 22 16:12:03 aphrodite sshd(pam_unix)[9111]: authentication
failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=217.119.113.247 user=root
Sep 22 16:12:09 aphrodite sshd(pam_unix)[9113]: authentication
failure; logname= uid=0 e............

hsiao@ccr.jussieu.fr (Pai-Yi Hsiao) wrote in
news:c66f415c.0409221730.2a8130bc@posting.google.c om:

> Is it dangerous for my machine now?

Most of these are automatic scripts that just try every system then move
on. What you need to watch for is someoone getting TOO interested in your
box. The same IP coming back day after day to try more things.

Gandalf Parker

On Wed, 22 Sep 2004 18:30:11 -0700, Pai-Yi Hsiao rambled:

> Is there some good intruder detection package
> for linux?

sort, tripwire et. al.
Google for details

HTH,
Dave
--
David Green (mail.david@dsl.pipex.com)
Hands up for human rights!
http://www.amnesty.org