Educause Security Discussion mailing list archives
Re: significant incoming SSH volume
From: Mike Iglesias <iglesias () UCI EDU>
Date: Tue, 16 Mar 2010 13:46:50 -0700
On 03/16/2010 01:07 PM, Justin Sipher wrote:
Hello all. We have seen a drastic uptick in recent days for inbound SSH connections to many of our servers. These connection are attempting to connect to our servers as ROOT and are coming from IP addressed appearing to be mostly overseas. They number in the thousands of connections. While we are confident in the strength of our passwords, as you know with enough effort....... My questions to this group are: * Is anyone else seeing this?
About once a month we get hit by ~700 different IPs probing systems with port 22 open.
* Are you doing anything to address this? We are contemplating blocking SSH inbound on our firewall and requiring any external SSH connection to first connect to our VPN. In some ways it seems excessive and maybe even unsustainable. On the other hand, protecting our servers is important as you well know.
We block all inbound traffic except to systems registered as servers, so there are a limited number of systems with port 22 exposed. -- Mike Iglesias Email: iglesias () uci edu University of California, Irvine phone: 949-824-6926 Office of Information Technology FAX: 949-824-2270
Current thread:
- significant incoming SSH volume Justin Sipher (Mar 16)
- <Possible follow-ups>
- Re: significant incoming SSH volume Joe Vieira (Mar 16)
- Re: significant incoming SSH volume Edgmand, Craig (Mar 16)
- Re: significant incoming SSH volume Michael Horne (Mar 16)
- Re: significant incoming SSH volume Joel Rosenblatt (Mar 16)
- Re: significant incoming SSH volume John Kristoff (Mar 16)
- Re: significant incoming SSH volume Mike Iglesias (Mar 16)
- Re: significant incoming SSH volume Michael J. Wheeler (Mar 16)
- Re: significant incoming SSH volume Russell Fulton (Mar 17)
- Re: significant incoming SSH volume Dexter Caldwell (Mar 17)
- Re: significant incoming SSH volume Miller, Don C. (Mar 18)
- Re: significant incoming SSH volume Michael J. Wheeler (Mar 18)
- Re: significant incoming SSH volume Scott Beardsley (Mar 19)