On Sun, Sep 19, 2004 at 09:53:23PM +0200, Bernd Eckenfels wrote:
> You can either move your ssh to another port, that will greatly reduce the
> distributed brute force attacks, or you can put a filter with port knocking
> in front of it. Another option is to turn off password authentication,
> completely.

Neither of these is an option at a large site with dozens or hundreds of ssh users. Maybe if the sysadmins are the only ones who care about ssh it's an option, but where's the fun in that?

> And yes you should be worried about those attacks if you have weak passwords.

That's trivial to fix, even in large sites. Min password lengths of 8 characters with a minimum of two character classes are going to interfere with any random login based password guessing. Especially since, from what I hear about this scanner that's responsible for all these login attempts, it's trying mind-numbingly simple passwords, like root/root, guest/guest, empty passwords, and things like that.

noah
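The policy described in the message above (minimum length 8, at least two character classes), as an added example that is not part of the original thread: a checker run over constructed guesses of the kind the message lists, plus two longer ones. The class definitions, the function names and the login-name check are assumptions of this example.

```python
import string

# Character classes counted by this example policy (an assumption; the
# message only says "two character classes").
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
}

def char_classes(password):
    """Return the class names present; anything unlisted counts as 'other'."""
    found = set()
    for ch in password:
        for name, members in CLASSES.items():
            if ch in members:
                found.add(name)
                break
        else:
            found.add("other")
    return found

def policy_violations(user, password, min_len=8, min_classes=2):
    """List the reasons a password fails the policy; empty means accepted."""
    problems = []
    if len(password) < min_len:
        problems.append("too short")
    if len(char_classes(password)) < min_classes:
        problems.append("too few character classes")
    # Extra check added by this example, not stated in the message.
    if password and password.lower() == user.lower():
        problems.append("same as login name")
    return problems

# Constructed sample: guess types the message mentions, plus two longer ones.
GUESSES = [("root", "root"), ("guest", "guest"), ("admin", ""),
           ("test", "password"), ("test", "password1")]

def survivors(guesses):
    """Guesses that would still be acceptable passwords under the policy."""
    return [(u, p) for u, p in guesses if not policy_violations(u, p)]

if __name__ == "__main__":
    for user, pw in GUESSES:
        print(f"{user}/{pw!r}: {policy_violations(user, pw) or 'accepted'}")
```

Of the constructed guesses, only `password1` passes: the rule stops the trivial login/login and empty-password attempts but not a dictionary word with a digit appended.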