Re: Attacks on ssh port

• Previous message: Mike Silbersack: "Re: Random source ports in FreeBSD?"
• In reply to: Antony Mawer: "Re: Attacks on ssh port"
• Next in thread: Darren Pilgrim: "RE: Attacks on ssh port"
• Maybe reply: Craig Edwards: "Re: Re: Attacks on ssh port"
• Maybe reply: Craig Edwards: "Re: Re: Attacks on ssh port"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 19 Sep 2004 19:32:49 +1000
To: Antony Mawer <fbsd-security@mawer.org>

Antony Mawer wrote:
> Chris Ryan wrote:
>
>>protection - with the appropriate active firewall that
>>blocks their IP address after x failed attempts
>>permanently....
>
>
> Has anyone found any good scripts or utilities for automating this kind
> of thing? I too have been subject to these probings, and my initial
> thought was to firewall off any address after any number of incorrect
> attempts.
>
> While I could write a script to parse the ipfilter logs, I didn't want
> to go re-inventing the wheel for something which I was sure someone
> would have already attempted.
>
> Anyone have any suggestions?
>
> Cheers
> Antony

Is it actually good idea to block those IPs? I get lots of attacks too
on daily basis on my machines for: root, man, smmsp, nobody, bin,
daemon, tty, uucp, mailnull, you-name-it etc. For several weeks I sent
e-mails to abuse@{$attack-comming-from-x-network}.{$domain} and 0.01% of
them replied. However, the attacks never come from same networks nor IPs.

My 2 cents.

Cheers,
Mikhail

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Mike Silbersack: "Re: Random source ports in FreeBSD?"
• In reply to: Antony Mawer: "Re: Attacks on ssh port"
• Next in thread: Darren Pilgrim: "RE: Attacks on ssh port"
• Maybe reply: Craig Edwards: "Re: Re: Attacks on ssh port"
• Maybe reply: Craig Edwards: "Re: Re: Attacks on ssh port"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: DISA Security Readiness Review Evaluation Scripts ... I've used the DISA disks to validate OS hardening dozens of times. ... DISA Security Readiness Review Evaluation Scripts ... > your website. ... Up to 75% of cyber attacks are launched on shopping ... (Pen-Test) Re: [Full-disclosure] Web Server Botnets and Server Farms as Attack Platforms ... insecure web application written in PHP, although attacks for other ... The main reason for this is that many different PHP applications are ... and you've found your way to execute shell code on the remote web server. ... those scripts were put in place. ... (Full-Disclosure) Re: Web Server Botnets and Server Farms as Attack Platforms ... insecure web application written in PHP, although attacks for other ... The main reason for this is that many different PHP applications are ... and you've found your way to execute shell code on the remote web server. ... those scripts were put in place. ... (Bugtraq) RE: DISA Security Readiness Review Evaluation Scripts ... > What the SRR Scripts are is an automated way to do the checks in the ... >> Hackers are concentrating their efforts on attacking applications on ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, forms, ... (Pen-Test) RE: cant figure out ssh, read lots of docs... ... All the talk so far has been about how to stop attacks at your front ... abuse-reporting-system scripts. ... using common user names as login names if I may. ... were for the root account. ... (freebsd-questions)