Premature termination of SSH connection attempts
From: Augustus SFX van Dusen (ASFXvD_at_story.net)
Date: 08/17/05
- Next message: MikesBrain: "Re: Port 22 SNAFU? Help!"
- Previous message: MikesBrain: "Re: Port 22 SNAFU? Help!"
- Next in thread: Darren Tucker: "Re: Premature termination of SSH connection attempts"
- Reply: Darren Tucker: "Re: Premature termination of SSH connection attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 17 Aug 2005 21:56:55 GMT
I have been collecting SSH server data from my logs, for the last few
months, and it turns out to be the case that the vast majority of break-in
attempts had their origin in China, Taiwan or South Korea (one can't help
but wondering but the problem is with those guys, but that's sociological
issue irrelevant to this group.)
Since the attempts seem to be crude dictionary attacks, the only thing
that they have achieved has been to leave their data in my logs. I was
wondering whether things could be arranged so that those logs are not even
created in the first place?
What I would like is for the SSH server (OpenSSH, in this case) to behave
in such a way that, whenever a connection is received from a host at a
blacklisted domain, the connection is simply refused. That is, instead of
completing the SSH handshake, the server terminates the dialog at that
point.
- Next message: MikesBrain: "Re: Port 22 SNAFU? Help!"
- Previous message: MikesBrain: "Re: Port 22 SNAFU? Help!"
- Next in thread: Darren Tucker: "Re: Premature termination of SSH connection attempts"
- Reply: Darren Tucker: "Re: Premature termination of SSH connection attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
