Re: using PubkeyAuthentication, still getting dictionary attacks!



Chuck <skilover_nospam@xxxxxxxxxxxxxx> writes:

Todd H. wrote:
Nomen Nescio <nobody@xxxxxxxxx> writes:

Why do they keep
trying?

Because they're script kiddie attacks and will try no matter what your
config.

Anything else I can/should do?

Just move sshd to listen on a non-standard port and the annoyance will
cease.


Or just don't worry about it if you've disabled password authentication.
That keeps them busy trying hopelessly to get into your server instead
of attacking one that's truly vulnerable.

If the sshd server isn't there to listen to an attack on port 22, sshd
won't cut a failed login attempt to a log. The host level port
filter will just quietly ignore the tcp connection request. Seems to
work a treat.



--
Todd H.
http://www.toddh.net/
.



Relevant Pages

  • Re: Grafting a SSH auto-drop chain onto Arnos 1.8.3-RC1
    ... > hammering my machine with multiple attacks per second. ... to block those certain places from ever touching your ssh port (if you don't ... the patchomatic-ng and add alot of neat options to iptables. ... have not seen one single ssh attack since I moved my sshd off port 22. ...
    (comp.os.linux.security)
  • Re: Security problem
    ... simply to use a non-standard port. ... names and passwords, on large ranges of IP addresses. ... Yes, sophisticated attacks can do it faster, do things in parallel, use an army of zombies to distribute the scans, etc. ... When they don't find any response on the standard port, the normal assumption will be that that there isn't a sshd there. ...
    (comp.os.linux.development.apps)
  • Re: Security problem
    ... simply to use a non-standard port. ... If an IP address doesn't have an sshd on port 22, they find a different address that does. ... People making specific attacks will use nmap and port scanners on non-standard ports. ...
    (comp.os.linux.development.apps)
  • Re: using PubkeyAuthentication, still getting dictionary attacks!
    ... Because they're script kiddie attacks and will try no matter what your ... Or just don't worry about it if you've disabled password authentication. ... If the sshd server isn't there to listen to an attack on port 22, ...
    (comp.security.ssh)
  • RE: sshd listening on more than one port.
    ... simply add additional Port lines to your sshd_config file and kill -HUP your sshd server. ... in my config file. ...
    (freebsd-questions)