[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH Cracking Attempts

On Thu, Sep 30, 2004 at 08:20:59PM -0400, Ralph Katz wrote:
> Date: Thu, 30 Sep 2004 20:20:59 -0400
> From: Ralph Katz <ralph.katz@rcn.com>
> To: debian-user@lists.debian.org
> Subject: Re: SSH Cracking Attempts
> >From: Jacob S (stormspotter@6Texans.net)
> >Subject: SSH Cracking Attempts
> > 
> >Newsgroups: linux.debian.user
> >Date: 2004-09-29 12:10:24 PST
> >
> >Every other day or so now I'm seeing attempts in my servers logs where
> >some remote machine starts trying to guess a username/password
> This is getting worse for me:
> ~$ grep 'Failed password' /var/log/auth.log |wc -l
> 241
> 241 attempts in the last day and a half.  I'd like to make myself a less 
> attractive target.  In August, I asked for help in enabling FAIL_DELAY 
> to discourage these ssh attacks:
> http://lists.debian.org/debian-user/2004/08/msg07107.html
> But apparently FAIL_DELAY no longer applies to ssh.
> I've since learned of TARPIT, but have no idea how to implement that 
> against ssh attacks. (I'm a desktop user, not a programmer or sys admin.)

  If you are desktop user, do you really need ssh access from
everywhere? If you need access to your machine from home, for example,
define IP range of your ISP in /etc/hosts.allow for ssh or shutdown sshd

Alexei Chetroi

Reply to: