Re: What is this Very Stupid DOS Attack Script?
From: Dan Rue (drue_at_therub.org)
Date: Wed, 6 Apr 2005 11:28:11 -0500 To: Martin McCormick <firstname.lastname@example.org>
On Wed, Apr 06, 2005 at 10:49:08AM -0500, Martin McCormick wrote:
> We have been noticing flurries of sshd reject messages in
> which some system out there in the hinterlands hits us with a flood of
> ssh login attempts. An example:
> Apr 6 05:49:42 dc sshd: Failed password for illegal user
> bruce from 126.96.36.199 port 32983 ssh2
In my experience, these are just script kiddies goofing around. The
only useful thing to do is to report them to abuse@ their ISP - this can
actually be effective in some cases.
$ whois 188.8.131.52
OrgName: ThePlanet.com Internet Services, Inc.
Address: 1333 North Stemmons Freeway
Address: Suite 110
I'm sure his ISP would like to know about his behavior - send them a
report of his attempts. Often in my opinion it's some 13 year old who
doesn't realize he's not anonymous on the internet. It quickly becomes
a tedious and thankless job, but it's the best weapon you have imo.
Also, I find on some systems it's nice to do whitelisting with
hosts.allow to only allow connectinos from certain addresses. Obviously
that is not a solution for every system, but it can work well for some.
email@example.com mailing list
To unsubscribe, send any mail to "firstname.lastname@example.org"