Anybody getting ssh bruce force attacks?
gerard at linuxfromscratch.org
Sun Nov 20 16:17:55 PST 2005
Just wondering who else has been getting these. I have a /24 IP space
that seems to be targeted lately for sshd bruce force attacks. I can't
seem to keep up with firewalling the bad guys out. Luckily there's no
such thing as weak passwords on the servers I have access to, so all
should be well. For now anyway. It's just annoying.
Yeah I could block all access to port 22 and only allow a select few IP
addresses access but this makes things cumbersome when I try to login to
my machine when I'm out of town.
The only maybe way around this is create a web app where I can input IP
addresses that can SSH and some cronjob to check for changes and update
the firewall accordingly.
Does anybody have other ideas? I'd like to keep ssh open for convenience
reasons. It'd really suck if I block the world, am out of town, get an
emergency call for work, and "oops I can't login until I'm home again
which will be in a few days. Sorry boss, you'll just have to live with
the downed service until then." That's not going to go over very well.
/* If Linux doesn't have the solution, you have the wrong problem */
More information about the lfs-support