Anybody getting ssh brute force attacks?

Shane Shields shane.shields at erkunttarim.com.tr
Sun Nov 20 23:14:32 PST 2005


Gerard Beekmans wrote:

> Hey guys,
>
> Just wondering who else has been getting these. I have a /24 IP space 
> that seems to be targeted lately for sshd brute force attacks. I can't 
> seem to keep up with firewalling the bad guys out. Luckily there's no 
> such thing as weak passwords on the servers I have access to, so all 
> should be well. For now anyway. It's just annoying.
>
> Yeah I could block all access to port 22 and only allow a select few 
> IP addresses access but this makes things cumbersome when I try to 
> login to my machine when I'm out of town.
>
> The only maybe way around this is to create a web app where I can input 
> IP addresses that can SSH and some cronjob to check for changes and 
> update the firewall accordingly.
>
> Does anybody have other ideas? I'd like to keep ssh open for 
> convenience reasons. It'd really suck if I block the world, am out of 
> town, get an emergency call for work, and "oops I can't login until 
> I'm home again which will be in a few days. Sorry boss, you'll just 
> have to live with the downed service until then." That's not going to 
> go over very well.
>
>
>
These types of attacks are on the rise and both my machine and work's 
servers are targeted every day. If you have strong passwords then there 
is not too much to worry about. There are several blockers out on the 
net that are quite good. If you search for them on Google you will get 
several straight off. I don't have the names in my head atm, sorry. 
Another thing you can do is go over your sshd_config file with a 
fine-toothed comb and disable root login, allow only you as a user (assuming 
that just you will be logging in) and set your MaxStartups to 3/75/10.

HTH

-- 
Shane Shields

Registered LFS Compiler: 7582
To drink the WINE of success you must first seek the sayings of source

Anyone sending unwanted advertising e-mail to this address will be charged $25 for network traffic and computing time. By extracting my address from this message or its header, you agree to these terms.
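
The sshd_config review suggested in the reply above, as an added example that is not part of the original message: a small Python audit for the three settings it names. The sample config and the user name `shane` are constructed, and the check assumes the colon form (`start:rate:full`) in which sshd_config writes the MaxStartups triple.

```python
# Added example (not from the original thread): audit an sshd_config for
# the three settings named in the reply. All sample data is constructed.
SAMPLE_CONFIG = """\
# constructed sample; user name is hypothetical
Port 22
permitrootlogin no
AllowUsers shane
# refuse 75% of new connections once 3 are unauthenticated, all at 10
MaxStartups 3:75:10
# a later duplicate is ignored: sshd keeps the first value it reads
PermitRootLogin yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
"""

def parse_global(text):
    """Map lower-cased keyword -> first value seen before any Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(None, 1)
        if key.lower() == "match":
            break
        settings.setdefault(key.lower(), rest[0].strip() if rest else "")
    return settings

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    s = parse_global(text)
    findings = []
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if not s.get("allowusers"):
        findings.append("AllowUsers is not set")
    fields = s.get("maxstartups", "").split(":")
    if len(fields) == 3 and all(f.isdigit() for f in fields):
        start, rate, full = map(int, fields)
        if start > full or not 1 <= rate <= 100:
            findings.append("MaxStartups values out of range")
    elif not (len(fields) == 1 and fields[0].isdigit()):
        findings.append("MaxStartups missing or not start:rate:full")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```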






