Security Basics mailing list archives
Re: Brute force attacks
From: David Bergert <infosecblurb () gmail com>
Date: Thu, 31 May 2007 15:30:49 -0500
You don't state what type of system or service that you are detecting the events against....
For SSH here are some tips: http://www.fduran.com/wordpress/defending-against-ssh-brute-force-attacks/

I personally run ssh on an alternative port to discourage automated scripts and run http://denyhosts.sourceforge.net/ to block IPs after a certain number of invalid attempts for a period of time, and this has stopped the noise in my /var/log/secure logs.
Regards,
DB
http://www.infosecblurb.com

Ali, Saqib wrote:

Brute force attacks are common. I get tons of them every day. There is not much you can do.

saqib
http://www.full-disk-encryption.net

On 5/31/07, Mohamad Mneimneh <Mohamad.Mneimneh () dargroup com> wrote:

Hi List,

I've been experiencing brute force dictionary attacks from various sources against my gateway. The attacker is trying all kinds of username/password combinations to get in. I have traced the source IP addresses on internet authorities such as Ripe, Arin & Apnic; the feedback I get is that "Country is really world wide". I then traced the IPs using visual route, and saw that their locations vary widely; some of them are in the US, some in China, others in Poland...

What are my options in such a case? Have you ever experienced such a behavior? And what are the best practices that apply?

Thank you,
-Mohamad.
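The reply above describes blocking a source address for a period of time after a certain number of invalid SSH attempts. The sketch below shows that thresholding logic over /var/log/secure-style lines; it is an added example, not code from the original post or from DenyHosts. The log lines are constructed, and the threshold, window, block duration, year and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the sshd syslog format written to /var/log/secure.
SAMPLE_LOG = """\
May 31 15:01:02 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
May 31 15:01:05 gw sshd[2103]: Failed password for root from 203.0.113.7 port 40130 ssh2
May 31 15:01:09 gw sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
May 31 15:02:00 gw sshd[2110]: Failed password for bob from 198.51.100.23 port 51500 ssh2
May 31 15:03:10 gw sshd[2112]: Accepted password for bob from 198.51.100.23 port 51502 ssh2
May 31 15:04:00 gw sshd[2115]: Failed password for invalid user x from 198.51.100.23 port 1 ssh2 from 192.0.2.55 port 40150 ssh2
"""

# Greedy ".*" plus the "$" anchor selects the last "from <ip> port <n>" on the
# line, which sshd writes itself; text inside the client-chosen username
# cannot stand in for the source address.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\d+\.\d+\.\d+\.\d+) port \d+(?: ssh2)?$")

def parse_failure(line, year=2007):
    """Return (timestamp, source_ip) for a failed-password line, else None.
    Syslog timestamps carry no year, so `year` is an assumption."""
    m = FAILED.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def find_blocks(log_text, threshold=3, window=timedelta(minutes=10),
                block_for=timedelta(minutes=30)):
    """Return {ip: (blocked_at, blocked_until)} for every IP that reaches
    `threshold` failures inside `window`. All three values are assumptions."""
    recent, blocks = defaultdict(deque), {}
    for line in log_text.splitlines():
        event = parse_failure(line)
        if event is None:
            continue
        ts, ip = event
        if ip in blocks and ts < blocks[ip][1]:
            continue                      # still inside its block period
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:         # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocks[ip] = (ts, ts + block_for)
            q.clear()
    return blocks
```

On the constructed sample only 203.0.113.7 crosses the threshold, and the last line is attributed to 192.0.2.55 rather than to the address embedded in the username.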