Re: [fw-wiz] SSH brute force attack
From: David Ross (David.Ross_at_isrc.qut.edu.au)
Date: 07/03/05
- Previous message: Bruce Smith: "RE: [fw-wiz] Proxy - content filter related"
- Maybe in reply to: Mark Tinberg: "Re: [fw-wiz] SSH brute force attack"
- Next in thread: Marko Jakovljevic: "Re: [fw-wiz] SSH brute force attack"
- Reply: Marko Jakovljevic: "Re: [fw-wiz] SSH brute force attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Toderick, Lee W" <TODERICKL@MAIL.ECU.EDU> Date: Sun, 03 Jul 2005 21:37:43 +0000
Toderick, Lee W wrote:
> Our computers running SSH daemons have logged attacks. The attacks begin
> with a scan logged "Did not receive identification string from x.x.x.x",
> followed approximately 15 minutes later with "Illegal user " or " Failed
> password for root".
>
> Does anyone have information or documentation about this scan/attack?
I see it daily - and usually ignore it.
Sometimes I filter the address blocks if they belong to ISPs in
countries that I am unlikely to visit (and hence ssh from).
That keeps the logs manageable.
-- David Ross _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Bruce Smith: "RE: [fw-wiz] Proxy - content filter related"
- Maybe in reply to: Mark Tinberg: "Re: [fw-wiz] SSH brute force attack"
- Next in thread: Marko Jakovljevic: "Re: [fw-wiz] SSH brute force attack"
- Reply: Marko Jakovljevic: "Re: [fw-wiz] SSH brute force attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
