Re: What to do about SSH brute force attempts?

To: Michael Tautschnig <mt@debian.org>
Cc: debian-security@lists.debian.org
Subject: Re: What to do about SSH brute force attempts?
From: Micah Anderson <micah@riseup.net>
Date: Thu, 21 Aug 2008 12:15:49 -0400
Message-id: <[🔎] 20080821161549.GL21708@pond.riseup.net>
In-reply-to: <[🔎] 20080821143351.GP98911@l03.thnet>
References: <[🔎] 20080821143351.GP98911@l03.thnet>

* Michael Tautschnig <mt@debian.org> [2008-08-21 07:35-0400]:
> Hi all,
> 
> since two days (approx.) I'm seeing an extremely high number of apparently
> coordinated (well, at least they are trying the same list of usernames) brute
> force attempts from IP addresses spread all over the world. I've got denyhosts
> and an additional iptables based firewall solution in place to mitigate these
> since quite some time already and this seems to do the trick in terms of
> blocking them fairly quickly.

I hope you are aware that its very trivial for a non-privileged user
on your system to issue a logger command to trigger a denyhosts DOS to
lock out anyone they want.

micah

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: What to do about SSH brute force attempts?
  - From: Michael Tautschnig <mt@debian.org>

References:
- What to do about SSH brute force attempts?
  - From: Michael Tautschnig <mt@debian.org>

Prev by Date: Re: What to do about SSH brute force attempts?
Next by Date: Re: What to do about SSH brute force attempts?
Previous by thread: Re: What to do about SSH brute force attempts?
Next by thread: Re: What to do about SSH brute force attempts?
Index(es):
- Date
- Thread