Re: [fw-wiz] SSH brute force attack

From: David Ross (David.Ross_at_isrc.qut.edu.au)
Date: 07/03/05

  • Next message: Emmanuel Mogenet: "[fw-wiz] pptpproxy v2 released"
    To: "Toderick, Lee W" <TODERICKL@MAIL.ECU.EDU>
    Date: Sun, 03 Jul 2005 21:37:43 +0000
    
    

    Toderick, Lee W wrote:
    > Our computers running SSH daemons have logged attacks. The attacks begin
    > with a scan logged "Did not receive identification string from x.x.x.x",
    > followed approximately 15 minutes later with "Illegal user " or " Failed
    > password for root".
    >
    > Does anyone have information or documentation about this scan/attack?

    I see it daily - and usually ignore it.
    Sometimes I filter the address blocks if they belong to ISPs in
    countries that I am unlikely to visit (and hence ssh from).
    That keeps the logs manageable.

    -- 
    David Ross
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Emmanuel Mogenet: "[fw-wiz] pptpproxy v2 released"