Re: SSH Cracking Attempts
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Sep 29, 2004 at 02:09:58PM -0500, Jacob S wrote:
> Every other day or so now I'm seeing attempts in my servers logs where
> some remote machine starts trying to guess a username/password
> combination to ssh into the server. They try everything from 'test', to
> 'NOUSER', 'guest', 'root', etc., doing at least one login attempt per
> second, each time from a different source port.
>
> So, my question is this. Is there a way to tell ssh to refuse
> connections from an ip address after a certain number of failed login
> attempts, or is snort the only way to do something like this? So far
> I've been taking the manual approach, blocking the ip address with
> my firewall after I see it hitting the logs, but that can give them
> about an hour to play before I notice it (e-mailed to me by logcheck).
>
> Any suggestions?
>
> TIA,
> Jacob
Hi Jacob,
it happen to me a few months ago. someone suggested that I turn off
root login from remote hosts in sshd. Is that what you want?
- -Kev
- --
(__)
(oo)
/------\/
/ | ||
* /\---/\
~~ ~~
...."Have you mooed today?"...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBW6PuAWAAuqdWA9cRAhcBAJ95kH8Y6JeisNF/5Gd0QIr4IOOKqgCeIvjY
CiLB4N0RxVVRpTSAnuhnw6M=
=hw7h
-----END PGP SIGNATURE-----
Reply to: