Re: failed root login attempts

To: debian-security@lists.debian.org
Subject: Re: failed root login attempts
From: Bernd Eckenfels <ecki-news2004-05@lina.inka.de>
Date: Sun, 19 Sep 2004 21:53:23 +0200
Message-id: <[🔎] E1C97kR-0002hc-00@calista.eckenfels.6bone.ka-ip.net>
In-reply-to: <[🔎] 20040919183057.GA22093@cirrus.madduck.net>

In article <[🔎] 20040919183057.GA22093@cirrus.madduck.net> you wrote:
> Other than blacklisting the IPs (which is a race I am going to
> lose), what are people doing? Are there any distinctive marks in the
> SSH login attempt that one could filter on?

You can either move your ssh to another port, that will greatly reduce the
distributed brute force attacks, or you can put a filter with port knocking
in front of it. Another option is to turn off password authentication,
completely.

And yes you should be worried about those attacks if you habe weak passwords.

Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/

Reply to:

Follow-Ups:
- Re: failed root login attempts
  - From: martin f krafft <madduck@debian.org>
- Re: failed root login attempts
  - From: Noah Meyerhans <noahm@debian.org>

References:
- failed root login attempts
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: Re: failed root login attempts
Next by Date: Re: Rebuilding packages on *all* architectures
Previous by thread: Re: failed root login attempts
Next by thread: Re: failed root login attempts
Index(es):
- Date
- Thread