Security Basics mailing list archives
Re: Brute force attacks
From: krymson () gmail com
Date: 31 May 2007 18:55:19 -0000
Welcome to the Internet! :) Seriously, my open SSH ports get minimal brute force attacks daily, typically anywhere from 2 attempts to a couple thousand. Watch these long enough and you can see that while they come randomly and from different IPs, the same battery of username/password combinations tend to get used. In other words, you may be experiencing normal random junk from automated scanning systems from the Internet. And there is not much you can do about it. You could block their IPs on your border, but be careful what you block in case you have business that comes from there. My best practice is to just be aware of it and block if it starts to impact services/bandwidth or just block if you know you can safely do that. Keep those services hardened and accounts safely limited and protected with complex, regularly rotated passwords. <- snip -> Hi List, I've been experiencing brute force dictionary attacks from various sources against my gateway. The attacker is trying all kinds of username/password combinations to get in. I have traced the source IP addresses on internet authorities such as Ripe, Arin & Apnic; the feedback I get is that "Country is really world wide". I then traced the IPs using visual route, and saw that their locations vary widely; some of them are in the US, some in China, others in Poland... What are my options in such a case? Have you ever experienced such a behavior? And what are the best practices that apply? Thank you, -Mohamad.
Current thread:
- Brute force attacks Mohamad Mneimneh (May 31)
- Re: Brute force attacks Ali, Saqib (May 31)
- Message not available
- Re: Brute force attacks Eric Stacey (May 31)
- Message not available
- Re: Brute force attacks David Bergert (May 31)
- Re: Brute force attacks Ali, Saqib (May 31)
- Re: Brute force attacks Manuel Arostegui Ramirez (May 31)
- <Possible follow-ups>
- Re: Brute force attacks krymson (May 31)