Re: What to do about SSH brute force attempts?

To: debian-security@lists.debian.org
Subject: Re: What to do about SSH brute force attempts?
From: Andreas Moog <andreas.moog@warperbbs.de>
Date: Thu, 21 Aug 2008 16:43:56 +0200
Message-id: <[🔎] 48AD7F2C.9020800@warperbbs.de>
In-reply-to: <[🔎] 20080821143351.GP98911@l03.thnet>
References: <[🔎] 20080821143351.GP98911@l03.thnet>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Tautschnig wrote:

> Nevertheless, I'd like to do something about it more proactively, so I also
> contact the abuse mailboxes as obtained from whois. 

Thats pretty much the only thing you can do about it. But one should not
be too hopeful that ISPs do something against it. There are only few
abuse-desks who act upon abuse messages. My hope would be that ISPs
start to close down accounts of customers with bots on their computer
and only let them go back online after the customer has taken a basic
class in computer-security. But that's a dream not coming true.

> Further, what do you guys do about such attacks? Just sit back and hope they
> don't get hold of any passwords? Any ideas are welcome...

I'm using fail2ban to adjust my firewall-rules and my systems are
configured to only accept Key-authentication. That way, an attacker has
to get hold of my key AND passphrase.

Greetings, Andreas Moog
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkitfywACgkQ06FgkPZwicQAHgCg7oHqqwTbEDE8nt7mYaxx0rUA
jyoAoMywEJBT52gmWtQ2BWJt8sveCru9
=glPC
-----END PGP SIGNATURE-----

Reply to:

References:
- What to do about SSH brute force attempts?
  - From: Michael Tautschnig <mt@debian.org>

Prev by Date: Re: What to do about SSH brute force attempts?
Next by Date: Re: What to do about SSH brute force attempts?
Previous by thread: Re: What to do about SSH brute force attempts?
Next by thread: Re: What to do about SSH brute force attempts?
Index(es):
- Date
- Thread