Re: Ataques contra ssh
<quote quem="Erick">
> Boa noite pessoal,
> instalei um servidor ssh ha algum tempo no PC de casa, e percebi
> algumas entradas no /var/log/auth.log como essas:
>
> Nov 25 14:24:47 localhost sshd[2611]: Illegal user test from 82.77.21.170
> Nov 25 14:25:39 localhost sshd[2642]: Illegal user tester from
> 82.77.21.170
> Nov 25 14:26:32 localhost sshd[2672]: Illegal user testing from
> 82.77.21.170
> Nov 25 14:27:17 localhost sshd[2704]: Illegal user guest from 82.77.21.170
> Nov 25 14:28:00 localhost sshd[2732]: Illegal user account from
> 82.77.21.170
> Nov 27 01:32:44 localhost sshd[1583]: Illegal user a from 69.164.235.110
> Nov 27 01:32:47 localhost sshd[1586]: Illegal user b from 69.164.235.110
> Nov 27 01:32:49 localhost sshd[1589]: Illegal user c from 69.164.235.110
> Dec 4 20:29:36 localhost sshd[1624]: Illegal user demo from
> 211.100.33.142
> Dec 4 20:30:30 localhost sshd[1646]: Illegal user admin from
> 211.100.33.142
> Dec 4 20:31:49 localhost sshd[1678]: Illegal user student from
> 211.100.33.142
> Dec 20 13:43:46 localhost sshd[2353]: Illegal user clark from
> 200.162.80.236
>
> Isso me parece aqueles programinhas que varrem a Internet atras de portas
> abertas
> e depois tentam um ataque de brute-force. Minha duvida é se eu deveria me
> preocupar com isso.
> Trocar a porta padrao [22] diminui ou evita totalmente esse tipo de ataque
> 'ás cegas' ?
>
Veja:
http://www.dicas-l.com.br/dicas-l/20050113.php
Fabio.
Reply to: