Re: Advice on dealing with scripted SSH attacks?
- From: Joseph Spenner <joseph85750@xxxxxxxxx>
- Date: Tue, 28 Mar 2006 15:30:45 -0800 (PST)
--- "Zembower, Kevin" <kzembowe@xxxxxxxxxx> wrote:

> What's the current advice on dealing with scripts that repeatedly try to
> log onto SSH using a list of common usernames and 'password' for the
> password? I get up to 4,000 of these a day from a single server. In
> searching Google on this, I've learned of techniques using PAM and
> firewall rules that are created dynamically in response to log-in
> attempts.

I've seen systems where an entry is made in /etc/hosts.allow for sshd: for
the offending IP if too many attempts are detected. But in order for this
to work, your sshd must be compiled with tcp_wrappers support.

I see this sort of attack a lot, and if the attacking script hits a tcp
wrapped ssh, it will stop immediately. After a few minutes/hours, the entry
can be removed from hosts.allow (or not).
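
Added example, not part of the original message or of any tool named in the thread: a sketch of the detection step described above, counting failed sshd logins per source address and producing tcp_wrappers deny lines for /etc/hosts.allow that expire after a while. The syslog line format, the threshold, window and expiry values, the year, and the `sshd : <ip> : deny` option syntax (hosts_options(5)) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Greedy ".*" binds to the LAST " from <ip> port", so a crafted username that
# itself contains "from 198.51.100.7 port 1" cannot get another host blocked.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+")

def offenders(lines, threshold=5, window=timedelta(minutes=10), year=2006):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue              # not an address literal: never write it out
        # syslog timestamps carry no year; the year is an assumed parameter
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked[ip] = when
    return blocked

def hosts_allow_rules(blocked, now, ttl=timedelta(hours=1)):
    """Deny lines for entries younger than ttl; older ones are dropped."""
    return [f"sshd : {ip} : deny" for ip, t in sorted(blocked.items())
            if now - t < ttl]

# Constructed sample log (documentation addresses), not taken from the thread.
SAMPLE = [f"Mar 28 15:30:{s:02d} host sshd[4242]: Failed password for "
          f"invalid user {u} from 203.0.113.5 port 40000 ssh2"
          for s, u in enumerate(["admin", "test", "guest", "oracle", "ftp"])]
SAMPLE.append("Mar 28 15:31:00 host sshd[4243]: Failed password for invalid "
              "user x from 198.51.100.7 port 1 from 192.0.2.9 port 40001 ssh2")

if __name__ == "__main__":
    found = offenders(SAMPLE)
    print("\n".join(hosts_allow_rules(found, datetime(2006, 3, 28, 15, 40))))
```

tcp_wrappers stops at the first matching rule, so generated deny lines have to sit above any broader sshd allow entry in hosts.allow.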