Full Disclosure mailing list archives
Re: Distributed SSH username/password brute forceattack
From: Anders B Jansson <hdw () kallisti se>
Date: Tue, 23 Oct 2007 00:04:06 +0200
A.L.M.Buxey () lboro ac uk wrote:
Hi,Oct 22 20:36:13 nms sshd[90657]: Failed password for invalid user gopher from 77.46.152.2 port 55120 ssh2user/password authentication for SSH? one way of cleaning up your logs and killing this type of attack is to reconfigure your OpenSSH to only allow key based logins. stopped my 10M+ logfiles straight away
An even better way is to punt the attackers to a 'silent drop' table in your firewall. Cuts your logs to nothing and keeps the kiddies wasting their time. The latest attack surge is either directed or a bit more clever, haven't seen anything on my random user DSL traps. -- // hdw _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Distributed SSH username/password brute force attack Philipp (Oct 22)
- Re: Distributed SSH username/password brute forceattack cybergoth (Oct 22)
- Re: Distributed SSH username/password brute forceattack Valery Marchuk (Oct 22)
- Re: Distributed SSH username/password brute forceattack A . L . M . Buxey (Oct 22)
- Re: Distributed SSH username/password brute forceattack Anders B Jansson (Oct 22)
- Re: Distributed SSH username/password brute forceattack nocfed (Oct 23)
- Re: Distributed SSH username/password brute forceattack Vincent Archer (Oct 24)
- Re: Distributed SSH username/password brute forceattack A . L . M . Buxey (Oct 22)