Re: [fw-wiz] SSH brute force attack
From: David Ross (David.Ross_at_isrc.qut.edu.au)
To: "Toderick, Lee W" <TODERICKL@MAIL.ECU.EDU> Date: Sun, 03 Jul 2005 21:37:43 +0000
Toderick, Lee W wrote:
> Our computers running SSH daemons have logged attacks. The attacks begin
> with a scan logged "Did not receive identification string from x.x.x.x",
> followed approximately 15 minutes later with "Illegal user " or " Failed
> password for root".
> Does anyone have information or documentation about this scan/attack?
I see it daily - and usually ignore it.
Sometimes I filter the address blocks if they belong to ISPs in
countries that I am unlikely to visit (and hence ssh from).
That keeps the logs manageable.
-- David Ross _______________________________________________ firewall-wizards mailing list firstname.lastname@example.org http://honor.icsalabs.com/mailman/listinfo/firewall-wizards