Security Incidents mailing list archives
Re: Internet SSH scans
From: "Hugo J. Curti" <hcurti () exa unicen edu ar>
Date: Mon, 06 Mar 2006 20:09:02 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Alexandre, I also had that problem. I decided not to change the port number, and to live with the log noise, but to increase security I decided to deny root access via ssh, and to Allow access to users that really require ssh access (in my network there are more than 300 users, but only 5 need ssh access, one of them is me). This reduces the possibility of a successful brute force attack. Just add these lines in the sshd_config file: PermitRootLogin no AllowUsers <xx> <yy> <zz> where <xx>, <yy> and <zz> are the users that REALLY require ssh access, after checking they do not have a weak user name (like 'john' or 'mary') and/or a weak password. Alexandre H wrote:
Hi, I've witnessed what I think is an increase in SSH scans over the Internet in the past four or five weeks. The scan seems to originate from various countries around the globe which makes me think of it to be a worm-like spreading virus searching for vulnerable systems running the SSH service. I confirmed the attack with a friend of mine who also happens to run a SSH server at home. We both live in Montreal, QC, Canada and are using the same ISP. . . .
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEDMENy9s+D7eSFvkRAkMVAJ9eNWKVftmaU3tbcUBsdlrh/RGAYACfaD5z CN2Odgcd5/w/ysrFDUwpGsk= =ktTN -----END PGP SIGNATURE-----
Current thread:
- Internet SSH scans Alexandre H (Mar 02)
- RE: Internet SSH scans Tom Frerichs (Mar 02)
- RE: Internet SSH scans terry white (Mar 03)
- Re: Internet SSH scans Jonathan Nichols (Mar 03)
- RE: Internet SSH scans terry white (Mar 03)
- Re: Internet SSH scans Skip Carter (Mar 03)
- Re: Internet SSH scans Daniel Cid (Mar 03)
- Message not available
- Re: Internet SSH scans Jamie Riden (Mar 03)
- RE: Internet SSH scans Tom Frerichs (Mar 02)
- Re: Internet SSH scans Matt Rae (Mar 03)
- Re: Internet SSH scans Hugo J. Curti (Mar 06)
- <Possible follow-ups>
- RE: Internet SSH scans steve (Mar 02)
- RE: Internet SSH scans Peter Bassill (Mar 03)
- Re: RE: Internet SSH scans admin (Mar 03)
- Re: RE: Internet SSH scans Daxomatic (Mar 03)
- Re: RE: Internet SSH scans Christine Kronberg (Mar 03)
- Re: Internet SSH scans JK Adams (Mar 03)
- Re: RE: Internet SSH scans joakim . berge (Mar 03)
- Re: Re: RE: Internet SSH scans mrbits (Mar 03)
- RE: Internet SSH scans Adriano Carvalho (Mar 21)
- Re: Internet SSH scans Valdis . Kletnieks (Mar 22)
- RE: Internet SSH scans Adriano Carvalho (Mar 21)