Re: Repeated attacks via SSH

From: Bigby Findrake (bigby_at_ephemeron.org)
Date: 10/03/05

  • Next message: Jared Hall: "Re: Repeated attacks via SSH"
    Date: Sun, 2 Oct 2005 21:48:29 -0700 (PDT)
    To: Timothy Smith <timothy@open-networks.net>
    
    

    Have a look at labrea.

    http://labrea.sourceforge.net/

    On Mon, 3 Oct 2005, Timothy Smith wrote:

    > i wonder if there isn't an opertunity to create some kind of honey pot
    > project given the growing frequencies of these ssh based attacks.
    >
    > allow logins then dragggggg out the connection as long as you can. i
    > still have a copy of everything they used to attack my system (it was
    > left in /tmp and they were trying to get my system to scan as well)

    /-------------------------------------------------------------------------/
    "I dislike companies that have a we-are-the-high-priests-of-hardware-so-you'll-
    like-what-we-give-you attitude. I like commodity markets in which
    iron-and- silicon hawkers know that they exist to provide fast toys for
    software types like me to play with..."
            -- Eric S. Raymond

                        finger://bigby@ephemeron.org
                        http://www.ephemeron.org/~bigby/
                    news://news.ephemeron.org/alt.lemurs
    /-------------------------------------------------------------------------/

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Jared Hall: "Re: Repeated attacks via SSH"

    Relevant Pages

    • Re: Blocking attacks from spoofed IP addresses
      ... everybody else's ssh server. ... was wondering if there was a way if I could link all of the attacks ... root logins and I disabled root logins through ssh, ... Disable password ...
      (comp.os.linux.networking)
    • Re: [SLE] stopping dictionary attacks on sshd (a tcp_wrappers problem)
      ... ssh login does not work when one has just booted, until jifie gets 0 and starts incrementing, then it works. ... We need open ssh connections from the outside. ... We want to defend against these attacks in a reasonable way. ... logsurfer is used because I don't know a better log watching and event ...
      (SuSE)
    • RE: Deliberately create slow SSH response?
      ... Asunto: RE: Deliberately create slow SSH response? ... The brute force attacks are most likely automated, ... Have you thought about limiting access to the service to only certain IPs? ...
      (SSH)
    • Fwd: CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations
      ... Multiple vendors' implementations of the secure shell (SSH) transport ... The vulnerabilities affect SSH ... SSH clients can reduce the risk of attacks by only connecting to ...
      (Bugtraq)
    • Re: some attack to fedora machine .
      ... F8 installation last December. ... Each and every time the invader came in through ssh. ... You should also set up SSH to only use key pairs to allow logins. ... This will foil "dictionary" attacks. ...
      (Fedora)