Re: Brute force attacks

[TheGesus <thegesus () gmail com>]

On 5/31/07, Mohamad Mneimneh <Mohamad.Mneimneh () dargroup com> wrote:
> Hi List,
>
> I've been experiencing brute force dictionary attacks from various
> sources against my gateway. The attacker is trying all kinds of
> username/password combinations to get in.
>
> I have traced the source IP addresses on internet authorities such as
> Ripe, Arin & Apnic; the feedback I get is that "Country is really world
> wide". I then traced the IPs using visual route, and saw that their
> locations vary widely; some of them are in the US, some in China, others
> in Poland...
>
> What are my options in such a case? Have you ever experienced such a
> behavior? And what are the best practices that apply?
>
> Thank you,
>
> -Mohamad.

I have been told, on good authority, that changing the default port
for ssh can be "a configuration decision" and *NOT* - dare I speak its
name - "security by obscurity".

Sure, it won't stop a determined hacker.  So change it and see if
there's a determined hacker out to get you.  Maybe there is, but I
predict that the brute force attacks will just stop.