Re: shutting down dictionary attacks

From: Josh Grosse (josh_at_jggimi.homeip.net)
Date: 07/04/05

    Date: Mon, 4 Jul 2005 09:29:11 -0400
    To: "Brian J. Woods" <brianjwd@gmail.com>
    
    

    On Mon, Jul 04, 2005 at 03:06:20AM -0500, Brian J. Woods wrote:
    > More info on the environment the PCs were on maybe?

    Sure. My OpenBSD PC has port 22 open for protocol 2 (per the sshd_config
    I'd posted) and will accept only authorized RSA keys. Apparently.

    I'm on a cable network which is regularly scanned by kiddies for
    weakness.

    My OS is OpenBSD 3.7-current, last updated June 24, and my ssh
    is 4.1, last updated April 11.

    My /var/log/authlog was showing both the usual "admin" "guest" "root"
    attacks, and the occasional dictionary attack. The script being used by
    these kiddies seems to force a password authentication, since it's otherwise
    turned off.

    I'm still getting attacks, so the addition of "KerberosOrLocalPasswd no"
    didn't help.

    Since I made the last update, I've also changed the LogLevel to DEBUG3.

    Here's one of many of the latest attempts to break in shown in my authlog:

    ------
    .
    .
    .
    Jul 3 08:23:38 jggimi sshd[28519]: Invalid user shell from 65.118.221.232
    Jul 3 08:23:38 jggimi sshd[19291]: input_userauth_request: invalid user shell
    Jul 3 08:23:38 jggimi sshd[19291]: Failed password for invalid user shell from 65.118.221.232 port 29630 ssh2
    Jul 3 08:23:38 jggimi sshd[19291]: Received disconnect from 65.118.221.232: 11: Bye Bye
    Jul 3 08:23:39 jggimi sshd[22844]: Invalid user linux from 65.118.221.232
    Jul 3 08:23:39 jggimi sshd[18991]: input_userauth_request: invalid user linux
    Jul 3 08:23:39 jggimi sshd[18991]: Failed password for invalid user linux from 65.118.221.232 port 29715 ssh2
    Jul 3 08:23:39 jggimi sshd[18991]: Received disconnect from 65.118.221.232: 11: Bye Bye
    Jul 3 08:23:40 jggimi sshd[5455]: Invalid user unix from 65.118.221.232
    Jul 3 08:23:40 jggimi sshd[28488]: input_userauth_request: invalid user unix
    Jul 3 08:23:40 jggimi sshd[28488]: Failed password for invalid user unix from 65.118.221.232 port 29791 ssh2
    Jul 3 08:23:40 jggimi sshd[28488]: Received disconnect from 65.118.221.232: 11: Bye Bye
    .
    .
    .
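
Added example, not part of the original post: a small Python parser for authlog records in the format quoted above, which groups "Failed password" entries by source address and flags any source that produces a rapid run of them. The sample lines, host name, addresses, year, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the authlog format quoted above (documentation-range IPs).
SAMPLE = """\
Jul 3 08:23:38 host sshd[19291]: Failed password for invalid user shell from 203.0.113.7 port 29630 ssh2
Jul 3 08:23:39 host sshd[18991]: Failed password for invalid user linux from 203.0.113.7 port 29715 ssh2
Jul 3 08:23:40 host sshd[28488]: Failed password for invalid user unix from 203.0.113.7 port 29791 ssh2
Jul 3 08:23:40 host sshd[28488]: Received disconnect from 203.0.113.7: 11: Bye Bye
Jul 3 09:10:02 host sshd[30001]: Failed password for invalid user guest from 198.51.100.20 port 40000 ssh2
Jul 3 11:45:17 host sshd[30555]: Failed password for invalid user admin from 198.51.100.20 port 40311 ssh2
"""

# One syslog record per line: timestamp, host, sshd[pid], then the failure message.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:invalid user )?(?P<user>\S+)\s+"
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2005):
    """Return {ip: [(datetime, user), ...]}; syslog omits the year, so it is supplied."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((when, m["user"]))
    return events

def find_bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Return {ip: usernames tried} for sources with >= threshold failures in one window."""
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        times = [t for t, _ in hits]
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_bursts(parse_failures(SAMPLE)).items():
        print(ip, "tried", ", ".join(users))
```

The pattern expects one record per line, so log excerpts that a mail client has wrapped need to be rejoined before parsing.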

