Re: Nice Slashdot article of interest
From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: 07/17/05
- Previous message: David: "Re: Nice Slashdot article of interest"
- In reply to: David: "Nice Slashdot article of interest"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 17 Jul 2005 10:03:58 -0400
"David" <shadoweyez@hotpop.com> wrote in message
news:pJhCe.4462$p%3.27321@typhoon.sonic.net...
>I just saw this article on Slashdot:
> http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/
> I believe there was a posting on this list regarding this issue a few
> times.
>
> I have an ssh box and I have noticed these attempts in my logs.
> Sometimes, you can port scan the IP's of the attacking hosts to see what
> type of OS (usually linux in my experience) and services they are
> running, and reporting abuses is a good way to maybe stop at least a few
> of the script_kiddies.
>
> My bet is that there are a few people out there looking for ssh boxes to
> make mischief on or put their "stuff" on and are using programs like
> sshscan and hydra to find and target all of our servers. Three things
> that would stop this kind of attack, and it has nothing to do with
> changing ports.
I haven't looked at hydra: I can't *BELIEVE* that sshscan is still in use,
since it takes so damn long per target hit and doesn't parallelize its
scans. I've written hacks to do scans much faster: netcat is my friend for
doing scans of TCP ports.
- Previous message: David: "Re: Nice Slashdot article of interest"
- In reply to: David: "Nice Slashdot article of interest"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
