[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] targetted SSH bruteforce attacks

To: Samuel Martín Moro <faust64@xxxxxxxxx>
Subject: Re: [Full-disclosure] targetted SSH bruteforce attacks
From: yersinia <yersinia.spiros@xxxxxxxxx>
Date: Wed, 23 Jun 2010 10:22:09 +0200

On Thu, Jun 17, 2010 at 4:21 PM, Samuel Martín Moro <faust64@xxxxxxxxx>wrote:

>
> I also don't want to change my ssh port, nor restrict incoming IPs, ... and
> I use keys only to log in without entering password.
> So you're not alone.
> I had my IP changed several times, my servers are only hosting personal
> data.
> But I'm still seeing bruteforce attemps in my logs.
>
> Here's something I use on my servers.
> In cron, every 5-10 minutes, that should do it.
> Of course, if you're running *BSD, pf is way more interesting to do that.
>
> Perhaps could be better to use something standard as fail2ban

http://www.ducea.com/2006/07/03/using-fail2ban-to-block-brute-force-attacks/?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] targetted SSH bruteforce attacks
  - From: Cody Robertson

References:
- [Full-disclosure] [SECURITY] [DSA 2062-1] New sudo packages fix environment sanitization bypass vulnerability
  - From: Giuseppe Iuculano
- [Full-disclosure] targetted SSH bruteforce attacks
  - From: Gary Baribault
- Re: [Full-disclosure] targetted SSH bruteforce attacks
  - From: Samuel Martín Moro

Prev by Date: [Full-disclosure] IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting
Next by Date: [Full-disclosure] Microsoft Help Files (.CHM): 'Locked File' Feature Bypass
Previous by thread: Re: [Full-disclosure] targetted SSH bruteforce attacks
Next by thread: Re: [Full-disclosure] targetted SSH bruteforce attacks
Index(es):
- Date
- Thread