[Cialug] denyhosts logging LOTS of attacks
David Bierce
david at bierce.org
Tue May 13 11:56:20 CDT 2008
SSH attacks for all the machines I manage with external SSH seem to
come in spirts and not to all machines at the same time.
It's mostly gone away now that I slow down/stop connections at the
firewall using a 3 strikes and you're denied for a minute approach at
the firewall for hosts trying to connect via SSH.
Dave
On May 13, 2008, at 11:49 AM, Kendall Bailey wrote:
> I run an SSH server on port 22 as my only public service. I run the
> denyhosts daemon to protect against dictionary attacks and lock down
> SSH pretty thoroughly in other regards, but still allow connection
> from any host otherwise. The last few days I've seen hundreds of
> hosts logged by denyhosts. Anyone know why random dictionary attacks
> might be spiking? Is it widespread? I'm considering closing that
> port for a while.
>
> Thanks.
> Kendall
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list