[Cialug] denyhosts logging LOTS of attacks
Josh More
morej at alliancetechnologies.net
Tue May 13 11:59:49 CDT 2008
Yes, SSH attacks are spiking right now. More details here:
http://isc.sans.org/diary.html?storyid=4408
-Josh More, RHCE, CISSP, NCLP, GIAC
morej at alliancetechnologies.net
515-245-7701
>>> David Bierce <david at bierce.org> 05/13/08 11:56 AM >>>
SSH attacks for all the machines I manage with external SSH seem to
come in spirts and not to all machines at the same time.
It's mostly gone away now that I slow down/stop connections at the
firewall using a 3 strikes and you're denied for a minute approach at
the firewall for hosts trying to connect via SSH.
Dave
On May 13, 2008, at 11:49 AM, Kendall Bailey wrote:
> I run an SSH server on port 22 as my only public service. I run the
> denyhosts daemon to protect against dictionary attacks and lock down
> SSH pretty thoroughly in other regards, but still allow connection
> from any host otherwise. The last few days I've seen hundreds of
> hosts logged by denyhosts. Anyone know why random dictionary attacks
> might be spiking? Is it widespread? I'm considering closing that
> port for a while.
>
> Thanks.
> Kendall
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list