Security Basics mailing list archives
Re: Reporting SSH abuse
From: Chris Lyon <cslyon () gmail com>
Date: Wed, 10 Mar 2010 16:07:18 -0800
On Tue, Mar 9, 2010 at 1:26 PM, James Bensley <jwbensley () gmail com> wrote:
> I find in these situations, who is it you should actually tell? In your case, where the traffic is coming from a University, I'm sure the Uni tech team would appreciate knowing, but I have had it from some IP in Brazil; I never reported it because I couldn't think who would give a damn?
And to this point, it is probably a student with an infected laptop running these attacks for all we know. I just ran a report against all our open SSH servers and we had over 20 unique hosts within the last 2 hours, mostly from China and Colombia, just hammering away at our infrastructure. Luckily we are using denyhosts and we don't allow the use of passwords, key based only. We do rarely see the same host again, even after they have been unblocked.

You might want to look at denyhosts instead of Fail2ban; you can report these up into a central server, which is a little bit better for management. FWIW.

You might also want to check this out too: http://www.sshbl.org/ and this: http://dogtown.mare-system.de/sshblacklist-signatures

There are snort rules for SSH brute force hosts; we also have our own snort rules for SSH brute force attempts.

-Chris
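A report like the one mentioned in the message above (unique hosts with failed SSH logins in the last two hours) can be built from sshd's syslog output. This is an added example, not part of the original message: the log lines are constructed, the function name `failed_hosts` is hypothetical, and it assumes IPv4 sources and classic syslog timestamps.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in the classic syslog layout written by OpenSSH's sshd.
# Addresses come from documentation ranges (RFC 5737); none of this is real data.
SAMPLE_LOG = """\
Mar 10 13:10:02 gw1 sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Mar 10 14:31:45 gw1 sshd[2177]: Invalid user admin from 198.51.100.23
Mar 10 14:31:47 gw1 sshd[2177]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
Mar 10 15:02:09 gw2 sshd[911]: Accepted publickey for deploy from 203.0.113.5 port 60022 ssh2
Mar 10 15:40:18 gw2 sshd[950]: Invalid user test from 203.0.113.77
Mar 10 15:58:30 gw2 sshd[977]: Failed password for root from 198.51.100.23 port 51999 ssh2
"""

# Matches the two common failure messages and captures timestamp and source IP.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+)"
    r"\sfrom\s(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)

def failed_hosts(log_text, now, window=timedelta(hours=2)):
    """Count failure log lines per source IP within `window` before `now`."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so borrow it from `now` (assumption).
        ts = datetime.strptime(f"{now.year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if timedelta(0) <= now - ts <= window:
            hits[m["ip"]] += 1
    return hits

if __name__ == "__main__":
    report = failed_hosts(SAMPLE_LOG, now=datetime(2010, 3, 10, 16, 0, 0))
    print(f"{len(report)} unique hosts with failed logins in the last 2 hours")
    for ip, count in report.most_common():
        print(f"{ip:15} {count}")
```

On a key-only server the "Invalid user" lines are usually the more useful signal, since password attempts are rejected before a "Failed password" message is logged.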