Security Basics mailing list archives
RE: Brute force attacks
From: "Scott Dickinson" <whip () netspace net au>
Date: Sat, 2 Jun 2007 14:40:53 +1000
Setting up port knocking can help reduce brute force attempts too. Anyone who gets through port knocking should then have DenyHosts or similar to drop some more off. At the end of the day, denying direct root logon, and secure passwords are the only real defence. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com Sent: Friday, 1 June 2007 4:55 AM To: security-basics () securityfocus com Subject: Re: Brute force attacks Welcome to the Internet! :) Seriously, my open SSH ports get minimal brute force attacks daily, typically anywhere from 2 attempts to a couple thousand. Watch these long enough and you can see that while they come randomly and from different IPs, the same battery of username/password combinations tend to get used. In other words, you may be experiencing normal random junk from automated scanning systems from the Internet. And there is not much you can do about it. You could block their IPs on your border, but be careful what you block in case you have business that comes from there. My best practice is to just be aware of it and block if it starts to impact services/bandwidth or just block if you know you can safely do that. Keep those services hardened and accounts safely limited and protected with complex, regularly rotated passwords. <- snip -> Hi List, I've been experiencing brute force dictionary attacks from various sources against my gateway. The attacker is trying all kinds of username/password combinations to get in. I have traced the source IP addresses on internet authorities such as Ripe, Arin & Apnic; the feedback I get is that "Country is really world wide". I then traced the IPs using visual route, and saw that their locations vary widely; some of them are in the US, some in China, others in Poland... What are my options in such a case? Have you ever experienced such a behavior? And what are the best practices that apply? Thank you, -Mohamad. No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.472 / Virus Database: 269.8.4/825 - Release Date: 30/05/2007 3:03 PM No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.472 / Virus Database: 269.8.6/828 - Release Date: 1/06/2007 11:22 AM
Current thread:
- Re: Brute force attacks TheGesus (Jun 04)
- <Possible follow-ups>
- RE: Brute force attacks Scott Dickinson (Jun 04)