[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Distributed SSH username/password brute forceattack

To: Valery Marchuk <tecklord@xxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Distributed SSH username/password brute forceattack
From: A.L.M.Buxey@xxxxxxxxxxx
Date: Mon, 22 Oct 2007 21:34:19 +0100

Hi,

> Oct 22 20:36:13 nms sshd[90657]: Failed password for invalid user gopher 
> from 77.46.152.2 port 55120 ssh2

user/password authentication for SSH?  one way of cleaning up your
logs and killing this type of attack is to reconfigure your OpenSSH
to only allow key based logins. stopped my 10M+ logfiles straight away
(then the apache attacks were easier to see too ;-) )

alan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Distributed SSH username/password brute forceattack
  - From: Anders B Jansson
- Re: [Full-disclosure] Distributed SSH username/password brute forceattack
  - From: Vincent Archer

References:
- [Full-disclosure] Distributed SSH username/password brute force attack
  - From: Philipp
- Re: [Full-disclosure] Distributed SSH username/password brute forceattack
  - From: Valery Marchuk

Prev by Date: [Full-disclosure] PacSec 2007 Agenda (Tokyo 11-29/30)
Next by Date: Re: [Full-disclosure] ifnet.it WEBIF XSS Vulnerability
Previous by thread: Re: [Full-disclosure] Distributed SSH username/password brute forceattack
Next by thread: Re: [Full-disclosure] Distributed SSH username/password brute forceattack
Index(es):
- Date
- Thread