Security Incidents mailing list archives

Re: Weird SSH attack last night and this morning (still ongoing)


From: Blaine Fleming <groups () digital-z com>
Date: Wed, 07 May 2008 11:36:18 -0600

Gary Baribault wrote:
I don't know what is going on last night and this morning ... I have three Linux servers facing the Internet, two on cable modems and another on a static IP/commercial connection and this last one is a gateway to a Web/FTP/SMTP/Pop3/NTP Linux based system.
<snip>
Is anyone else seeing this? or am I being targeted? This is still going on now .. and it started around 10:00 last night GMT+4

I've had one system bouncing off of SSH on one of my servers for about a week now. I have fail2ban configured to drop them for six hours after five failed connects. The server in question is configured for key authentication only but they keep trying to submit a password anyway. The second the ban drops I see them connecting again. Other than that, I haven't seen anything bouncing off my servers repeatedly. Everything gets banned once and never comes back.

--Blaine
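
The pattern described in this reply (five failures, a six-hour ban, the same source back as soon as the ban lifts) can be picked out of an auth log by replaying it. This is an added example, not part of the original post and not fail2ban's own code; the log lines are constructed, and the "Failed password" line format, the 10-minute counting window and the 30-minute grace period are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5                      # from the post: five failed connects
BANTIME = timedelta(hours=6)      # from the post: six-hour ban
FINDTIME = timedelta(minutes=10)  # assumption: the post gives no counting window
GRACE = timedelta(minutes=30)     # assumption: "came straight back" threshold

FAIL_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate_bans(lines):
    """Replay log lines in time order; return {ip: [ban start times]}."""
    recent, banned_until, bans = defaultdict(deque), {}, defaultdict(list)
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ts < banned_until.get(ip, datetime.min):
            continue                      # still banned: the firewall drops it
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FINDTIME:       # forget failures outside the window
            q.popleft()
        if len(q) >= MAXRETRY:
            bans[ip].append(ts)
            banned_until[ip] = ts + BANTIME
            q.clear()
    return dict(bans)

def quick_returns(bans):
    """Per IP, count re-bans that began within GRACE of the previous ban expiring."""
    counts = {ip: sum(b - (a + BANTIME) <= GRACE for a, b in zip(s, s[1:]))
              for ip, s in bans.items()}
    return {ip: n for ip, n in counts.items() if n}

def sample_lines():
    """Constructed log lines (not from the post), documentation-range addresses."""
    def burst(start, ip):
        t = datetime.fromisoformat(start)
        return [f"{(t + timedelta(seconds=10 * i)).isoformat()} gw sshd[4242]: "
                f"Failed password for root from {ip} port 50000 ssh2" for i in range(5)]
    return sorted(burst("2008-05-07T00:00:00", "203.0.113.7")     # first ban
                  + burst("2008-05-07T06:01:00", "203.0.113.7")   # back after expiry
                  + burst("2008-05-07T12:02:00", "203.0.113.7")   # and again
                  + burst("2008-05-07T01:00:00", "198.51.100.9")) # banned once only

if __name__ == "__main__":
    print(quick_returns(simulate_bans(sample_lines())))
```

On a key-only server the failure lines differ from the one matched here, so `FAIL_RE` has to be adapted to the message that sshd actually writes.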


