[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Attacks on ssh port

Subject: Attacks on ssh port
From: mikhailg at webanoide.org (Mikhail Goriachev)
Date: Sun Sep 19 02:33:49 2004

Antony Mawer wrote:
> Chris Ryan wrote:
> 
>>protection - with the appropriate active firewall that
>>blocks their IP address after x failed attempts
>>permanently....
> 
> 
> Has anyone found any good scripts or utilities for automating this kind 
> of thing? I too have been subject to these probings, and my initial 
> thought was to firewall off any address after any number of incorrect 
> attempts.
> 
> While I could write a script to parse the ipfilter logs, I didn't want 
> to go re-inventing the wheel for something which I was sure someone 
> would have already attempted.
> 
> Anyone have any suggestions?
> 
> Cheers
> Antony

Is it actually good idea to block those IPs? I get lots of attacks too 
on daily basis on my machines for: root, man, smmsp, nobody, bin, 
daemon, tty, uucp, mailnull, you-name-it etc. For several weeks I sent 
e-mails to abuse_(_at_)_{$attack-comming-from-x-network}_(_dot_)_{$domain} and 0.01% of 
them replied. However, the attacks never come from same networks nor IPs.

My 2 cents.

Cheers,
Mikhail

References:
- Attacks on ssh port
  - From: Chris Ryan
- Attacks on ssh port
  - From: Antony Mawer

Prev by Date: Random source ports in FreeBSD?
Next by Date: sshd security
Previous by thread: Attacks on ssh port
Next by thread: Attacks on ssh port
Index(es):
- Date
- Thread

Visit your host, monkey.org