Re: Attacks on ssh port

From: Mikhail Goriachev (
Date: 09/19/04

  • Next message: Terry: "Re:sshd security"
    Date: Sun, 19 Sep 2004 19:32:49 +1000
    To: Antony Mawer <>

    Antony Mawer wrote:
    > Chris Ryan wrote:
    >>protection - with the appropriate active firewall that
    >>blocks their IP address after x failed attempts
    > Has anyone found any good scripts or utilities for automating this kind
    > of thing? I too have been subject to these probings, and my initial
    > thought was to firewall off any address after any number of incorrect
    > attempts.
    > While I could write a script to parse the ipfilter logs, I didn't want
    > to go re-inventing the wheel for something which I was sure someone
    > would have already attempted.
    > Anyone have any suggestions?
    > Cheers
    > Antony

    Is it actually good idea to block those IPs? I get lots of attacks too
    on daily basis on my machines for: root, man, smmsp, nobody, bin,
    daemon, tty, uucp, mailnull, you-name-it etc. For several weeks I sent
    e-mails to abuse@{$attack-comming-from-x-network}.{$domain} and 0.01% of
    them replied. However, the attacks never come from same networks nor IPs.

    My 2 cents.


    _______________________________________________ mailing list
    To unsubscribe, send any mail to ""

  • Next message: Terry: "Re:sshd security"