Anybody getting ssh bruce force attacks?

Gerard Beekmans gerard at linuxfromscratch.org
Sun Nov 20 16:17:55 PST 2005


Hey guys,

Just wondering who else has been getting these. I have a /24 IP space 
that seems to be targeted lately for sshd bruce force attacks. I can't 
seem to keep up with firewalling the bad guys out. Luckily there's no 
such thing as weak passwords on the servers I have access to, so all 
should be well. For now anyway. It's just annoying.

Yeah I could block all access to port 22 and only allow a select few IP 
addresses access but this makes things cumbersome when I try to login to 
my machine when I'm out of town.

The only maybe way around this is create a web app where I can input IP 
addresses that can SSH and some cronjob to check for changes and update 
the firewall accordingly.

Does anybody have other ideas? I'd like to keep ssh open for convenience 
reasons. It'd really suck if I block the world, am out of town, get an 
emergency call for work, and "oops I can't login until I'm home again 
which will be in a few days. Sorry boss, you'll just have to live with 
the downed service until then." That's not going to go over very well.



-- 
Gerard Beekmans

/* If Linux doesn't have the solution, you have the wrong problem */




More information about the lfs-support mailing list