Security Basics mailing list archives
Re: Brute force attacks
From: TheGesus <thegesus () gmail com>
Date: Fri, 1 Jun 2007 22:08:14 -0400
On 5/31/07, Mohamad Mneimneh <Mohamad.Mneimneh () dargroup com> wrote:
Hi List,

I've been experiencing brute force dictionary attacks from various sources against my gateway. The attacker is trying all kinds of username/password combinations to get in. I have traced the source IP addresses on internet authorities such as RIPE, ARIN & APNIC; the feedback I get is that "Country is really world wide". I then traced the IPs using VisualRoute, and saw that their locations vary widely; some of them are in the US, some in China, others in Poland...

What are my options in such a case? Have you ever experienced such behavior? And what are the best practices that apply?

Thank you,
-Mohamad.
I have been told, on good authority, that changing the default port for ssh can be "a configuration decision" and *NOT* - dare I speak its name - "security by obscurity". Sure, it won't stop a determined hacker. So change it and see if there's a determined hacker out to get you. Maybe there is, but I predict that the brute force attacks will just stop.
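One way to check the prediction in the reply above, as an added example that is not part of the original thread: compare failed sshd logins before and after the port change and list the sources that followed the service to its new port. The log lines, the host name `gw`, the change time and the function names are constructed for illustration, and the OpenSSH syslog line format is assumed.

```python
import re
from datetime import datetime

# OpenSSH syslog line for a rejected password; "invalid user" appears when
# the account does not exist on the host.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(lines, year=2007):
    """Yield (timestamp, source_ip, username) for each failed-password line.
    Syslog omits the year, so the caller supplies it (assumption)."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def compare_port_change(lines, changed_at, year=2007):
    """Split failures at the moment sshd moved ports and report who followed."""
    before, after = {}, {}
    for ts, ip, user in parse_failures(lines, year):
        bucket = before if ts < changed_at else after
        bucket.setdefault(ip, set()).add(user)
    return {
        "sources_before": len(before),
        "sources_after": len(after),
        # Sources that found the new port deserve a closer look.
        "followed": sorted(set(before) & set(after)),
        "new_after": sorted(set(after) - set(before)),
    }

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
May 30 03:11:02 gw sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
May 30 03:11:05 gw sshd[813]: Failed password for invalid user admin from 192.0.2.10 port 40119 ssh2
May 31 14:40:51 gw sshd[1502]: Failed password for invalid user test from 198.51.100.7 port 33801 ssh2
May 31 19:02:33 gw sshd[1710]: Failed password for invalid user oracle from 203.0.113.44 port 51420 ssh2
Jun  1 09:15:00 gw sshd[2001]: Accepted publickey for alice from 192.0.2.200 port 50022 ssh2
Jun  2 02:20:17 gw sshd[2290]: Failed password for root from 203.0.113.44 port 51877 ssh2
Jun  2 02:20:21 gw sshd[2292]: Failed password for invalid user admin from 203.0.113.44 port 51880 ssh2
""".splitlines()

if __name__ == "__main__":
    print(compare_port_change(SAMPLE_LOG, datetime(2007, 6, 1, 12, 0, 0)))
```

An empty `followed` list after the change matches the outcome the reply predicts; any address that appears there located the service on its new port.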