[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Distributed SSH username/password brute forceattack

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Distributed SSH username/password brute forceattack
From: Anders B Jansson <hdw@xxxxxxxxxxx>
Date: Tue, 23 Oct 2007 00:04:06 +0200

A.L.M.Buxey@xxxxxxxxxxx wrote:
> Hi,
> 
>> Oct 22 20:36:13 nms sshd[90657]: Failed password for invalid user gopher 
>> from 77.46.152.2 port 55120 ssh2
> 
> user/password authentication for SSH?  one way of cleaning up your
> logs and killing this type of attack is to reconfigure your OpenSSH
> to only allow key based logins. stopped my 10M+ logfiles straight away

An even better way is to punt the attackers to a 'silent drop' table in your 
firewall.

Cuts your logs to nothing and keeps the kiddies wasting their time.

The latest attack surge is either directed or a bit more clever, haven't seen 
anything on my random user DSL traps.
-- 
// hdw

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Distributed SSH username/password brute forceattack
  - From: nocfed

References:
- [Full-disclosure] Distributed SSH username/password brute force attack
  - From: Philipp
- Re: [Full-disclosure] Distributed SSH username/password brute forceattack
  - From: Valery Marchuk
- Re: [Full-disclosure] Distributed SSH username/password brute forceattack
  - From: A . L . M . Buxey

Prev by Date: [Full-disclosure] [ GLSA 200710-23 ] Star: Directory traversal vulnerability
Next by Date: [Full-disclosure] [USN-501-2] Ghostscript vulnerability
Previous by thread: Re: [Full-disclosure] Distributed SSH username/password brute forceattack
Next by thread: Re: [Full-disclosure] Distributed SSH username/password brute forceattack
Index(es):
- Date
- Thread