Re: Attacks on ssh port

From: Mikhail Goriachev (mikhailg_at_webanoide.org)
Date: 09/19/04

  • Next message: Terry: "Re:sshd security"
    Date: Sun, 19 Sep 2004 19:32:49 +1000
    To: Antony Mawer <fbsd-security@mawer.org>
    
    

    Antony Mawer wrote:
    > Chris Ryan wrote:
    >
    >>protection - with the appropriate active firewall that
    >>blocks their IP address after x failed attempts
    >>permanently....
    >
    >
    > Has anyone found any good scripts or utilities for automating this kind
    > of thing? I too have been subject to these probings, and my initial
    > thought was to firewall off any address after any number of incorrect
    > attempts.
    >
    > While I could write a script to parse the ipfilter logs, I didn't want
    > to go re-inventing the wheel for something which I was sure someone
    > would have already attempted.
    >
    > Anyone have any suggestions?
    >
    > Cheers
    > Antony

    Is it actually good idea to block those IPs? I get lots of attacks too
    on daily basis on my machines for: root, man, smmsp, nobody, bin,
    daemon, tty, uucp, mailnull, you-name-it etc. For several weeks I sent
    e-mails to abuse@{$attack-comming-from-x-network}.{$domain} and 0.01% of
    them replied. However, the attacks never come from same networks nor IPs.

    My 2 cents.

    Cheers,
    Mikhail

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Terry: "Re:sshd security"

    Relevant Pages

    • RE: DISA Security Readiness Review Evaluation Scripts
      ... I've used the DISA disks to validate OS hardening dozens of times. ... DISA Security Readiness Review Evaluation Scripts ... > your website. ... Up to 75% of cyber attacks are launched on shopping ...
      (Pen-Test)
    • Re: [Full-disclosure] Web Server Botnets and Server Farms as Attack Platforms
      ... insecure web application written in PHP, although attacks for other ... The main reason for this is that many different PHP applications are ... and you've found your way to execute shell code on the remote web server. ... those scripts were put in place. ...
      (Full-Disclosure)
    • Re: Web Server Botnets and Server Farms as Attack Platforms
      ... insecure web application written in PHP, although attacks for other ... The main reason for this is that many different PHP applications are ... and you've found your way to execute shell code on the remote web server. ... those scripts were put in place. ...
      (Bugtraq)
    • RE: DISA Security Readiness Review Evaluation Scripts
      ... > What the SRR Scripts are is an automated way to do the checks in the ... >> Hackers are concentrating their efforts on attacking applications on ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
      (Pen-Test)
    • RE: cant figure out ssh, read lots of docs...
      ... All the talk so far has been about how to stop attacks at your front ... abuse-reporting-system scripts. ... using common user names as login names if I may. ... were for the root account. ...
      (freebsd-questions)