Full Disclosure mailing list archives

Re: Any update on SSH brute force attempts?


From: Miriam Chan <miriamchan () geocities com>
Date: Sun, 24 Oct 2004 09:43:17 +0800

Jay Libove wrote:
> Recently, a couple of times a week, I see repeats of this which now have
> as many as fifty different accounts being attacked.  (Almost none of which
> exist on my server, and none of which will have common passwords
> thankyouverymuch).

By the way, I started to suspect that the attacks were intentional (not just
some games by some script kiddies.) I had some servers accepting SSH
connections from anywhere (this is for easy access, and I know it is not
a very good idea.)

Before I set up a Portsentry-like mechanism to block the bad hosts, I got at
least 5-6 attempts per day. Afterward, I got nearly none (just some 1-2
attempts a day.) The change looks simply too much for me. If I got some
number of attacks a day, I would expect the same number of attacks the next
day if the attacks were automatically done by some virus/worms. I wished that
it was done by some virus, because (I think) a virus is not more malicious
than a planned cracking behaviour.

Does anyone have the same observations as me? It should be great if you saw
it and shared your ideas.

Miriam.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

