Security Incidents mailing list archives
Re: SSH probe attack afoot?
From: Stephen Warren <swarren () wwwdotorg org>
Date: Mon, 07 Feb 2005 16:55:50 -0700
On 6 Feb 2005, at 15:09, Bernie Cosell wrote:We're now getting hammered with the third round of ssh probes in the last four days [one from CA, one from Brazil and one from Virginia]. I was wondering: is there some virus or the like floating around now that leaves an ssh-hammering zombie in its wake? Or is it just coincidental that we have gotten three floods?
I got fed up with seeing this kind of thing in my logs. So, I switched SSH to a non-default port, and it all went away:-)Sometimes, security through obscurity is very useful. Now at least I have a small SSHD logfile, so I'll pay more attention to it if something shows up in it.
Of course, depending on your user-base, you might have to spend a lot of time on user-education after this change.
Current thread:
- SSH probe attack afoot? Bernie Cosell (Feb 07)
- Re: SSH probe attack afoot? Martin Sarsale (Feb 07)
- Re: SSH probe attack afoot? Steve Bonds (Feb 07)
- Re: SSH probe attack afoot? Steven Harrison (Feb 07)
- Re: SSH probe attack afoot? xyberpix (Feb 07)
- Re: SSH probe attack afoot? Stephen Warren (Feb 08)
- Re: SSH probe attack afoot? j () 65535 com (Feb 08)
- Re: SSH probe attack afoot? Stephen Warren (Feb 08)
- Re: SSH probe attack afoot? Barrie Dempster (Feb 07)
- Re: SSH probe attack afoot? j lake (Feb 08)
- Re: SSH probe attack afoot? Jeffrey Goldberg (Feb 12)
- Re: SSH probe attack afoot? Stephen J. Smoogen (Feb 12)
- Re: SSH probe attack afoot? Jeffrey Goldberg (Feb 16)
- <Possible follow-ups>
- Re: SSH probe attack afoot? Joe Egloff (Feb 07)
- Re: SSH probe attack afoot? naverxp (Feb 08)
- Re: SSH probe attack afoot? Tim (Feb 08)
- Re: SSH probe attack afoot? Frank Knobbe (Feb 08)
- Re: SSH probe attack afoot? naverxp (Feb 08)
(Thread continues...)
- Re: SSH probe attack afoot? Martin Sarsale (Feb 07)