Security Incidents mailing list archives

Re: Re: RE: Internet SSH scans

From: mrbits () terra com br
Date: 3 Mar 2006 09:33:56 -0000

These SSH scans are generated ( in most of cases ) by Linux Zombie machines, infected with a kind of worm used to get 
vulnerable hosts to install a PBSync IRC. 

I just changed my default SSH port and all attacks had stoped. 

Another way is run somethink like DenyHosts, a python-based daemon that scans logs and put the "attacker ip" into 
/etc/hosts.deny:

SSHD:10.0.0.1  ( for example ).

CheerS

Current thread:

Re: Internet SSH scans, (continued)
- - Message not available
    - Re: Internet SSH scans Jamie Riden (Mar 03)
- Re: Internet SSH scans Matt Rae (Mar 03)
- Re: Internet SSH scans Hugo J. Curti (Mar 06)
- RE: Internet SSH scans steve (Mar 02)
  - RE: Internet SSH scans Peter Bassill (Mar 03)
- Re: RE: Internet SSH scans admin (Mar 03)
  - Re: RE: Internet SSH scans Daxomatic (Mar 03)
  - Re: RE: Internet SSH scans Christine Kronberg (Mar 03)
  - Re: Internet SSH scans JK Adams (Mar 03)
- Re: RE: Internet SSH scans joakim . berge (Mar 03)
- Re: Re: RE: Internet SSH scans mrbits (Mar 03)
  - RE: Internet SSH scans Adriano Carvalho (Mar 21)
    - Re: Internet SSH scans Valdis . Kletnieks (Mar 22)
    - Re: Internet SSH scans Adriano Carvalho (Mar 22)
- RE: Internet SSH scans William Tarkington (Mar 03)
  - Re: Internet SSH scans ilaiy (Mar 03)
  - Re: Internet SSH scans Stephen J. Smoogen (Mar 03)
- RE: RE: Internet SSH scans Teodorski, Chris (Mar 03)
- Re: Re: Internet SSH scans notonyour (Mar 04)
- Re: RE: Internet SSH scans Michael . Lang (Mar 23)
  - Re: Internet SSH scans Valdis . Kletnieks (Mar 23)