Re: SSH scans vs connection ratelimiting
- From: "Scot Hetzel" <swhetzel@xxxxxxxxx>
- Date: Sat, 19 Aug 2006 16:29:38 -0500
On 8/19/06, Pieter de Boer <pieter@xxxxxxxxxxxxxx> wrote:
> This works as expected, IP-addresses are added to the 'lamers'-table
> every once in a while.
>
> However, there apparently are SSH bruteforcers that simply use one
> connection to perform a brute-force attack:
>
> Aug 18 00:00:01 aberdeen sshd[87989]: Invalid user serwis from 83.19.113.122
> Aug 18 00:00:03 aberdeen sshd[88010]: Invalid user serwis from 83.19.113.122
> Aug 18 00:00:05 aberdeen sshd[88012]: Invalid user serwis from 83.19.113.122
> Aug 18 00:00:10 aberdeen sshd[88014]: Invalid user serwis from 83.19.113.122
> Aug 18 00:00:13 aberdeen sshd[88019]: Invalid user serwis from 83.19.113.122
> Aug 18 00:00:14 aberdeen sshd[88021]: Invalid user serwis from 83.19.113.122

It looks as though you need to lower 'MaxAuthTries' in your
sshd_config file, as the default is set to allow six authentication
attempts per connection.

You'll find this in the sshd_config(5) man page.

Scot
--
DISCLAIMER:
No electrons were maimed while sending this message. Only slightly bruised.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
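
Connection rate limiting counts connections, not authentication failures, so a complementary check is to count "Invalid user" lines per source address in the sshd log. The script below is an added example, not part of the original message or of any FreeBSD tool; the function name, thresholds and the assumed log year are hypothetical, and the log lines are the ones quoted above plus one constructed benign line.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchoring the address at end of line means a crafted username containing
# " from 1.2.3.4" cannot redirect the match to a spoofed address.
# The optional " port N" suffix covers newer OpenSSH log output.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user .+? from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?$"
)

# Lines quoted in the message, plus one constructed successful login.
SAMPLE = """\
Aug 18 00:00:01 aberdeen sshd[87989]: Invalid user serwis from 83.19.113.122
Aug 18 00:00:02 aberdeen sshd[88005]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Aug 18 00:00:03 aberdeen sshd[88010]: Invalid user serwis from 83.19.113.122
Aug 18 00:00:05 aberdeen sshd[88012]: Invalid user serwis from 83.19.113.122
Aug 18 00:00:10 aberdeen sshd[88014]: Invalid user serwis from 83.19.113.122
Aug 18 00:00:13 aberdeen sshd[88019]: Invalid user serwis from 83.19.113.122
Aug 18 00:00:14 aberdeen sshd[88021]: Invalid user serwis from 83.19.113.122
""".splitlines()


def find_offenders(lines, max_failures=5, window_seconds=60, year=2006):
    """Return source IPs exceeding max_failures within a sliding window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not an "Invalid user" line
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) > max_failures and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders


if __name__ == "__main__":
    # Each address printed is a candidate for the 'lamers' table.
    for ip in find_offenders(SAMPLE):
        print(ip)
```

The count is keyed on the source address alone, so it does not matter how the attempts are spread across connections.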