Re: SSH Cracking Attempts

To: debian-user@lists.debian.org
Cc: debian-user@lists.debian.org
Subject: Re: SSH Cracking Attempts
From: Alexei Chetroi <debian@lexa.uniflux-line.net>
Date: Fri, 1 Oct 2004 10:20:54 +0300
Message-id: <[🔎] 20041001072048.GA32145@uniflux-line.net>
In-reply-to: <415CA2EB.5020006@rcn.com>
References: <415CA2EB.5020006@rcn.com>

On Thu, Sep 30, 2004 at 08:20:59PM -0400, Ralph Katz wrote:
> Date: Thu, 30 Sep 2004 20:20:59 -0400
> From: Ralph Katz <ralph.katz@rcn.com>
> To: debian-user@lists.debian.org
> Subject: Re: SSH Cracking Attempts
> 
> >From: Jacob S (stormspotter@6Texans.net)
> >Subject: SSH Cracking Attempts
> > 
> >Newsgroups: linux.debian.user
> >Date: 2004-09-29 12:10:24 PST
> >
> >Every other day or so now I'm seeing attempts in my servers logs where
> >some remote machine starts trying to guess a username/password
 [snip] 
> This is getting worse for me:
> 
> ~$ grep 'Failed password' /var/log/auth.log |wc -l
> 241
> 
> 241 attempts in the last day and a half.  I'd like to make myself a less 
> attractive target.  In August, I asked for help in enabling FAIL_DELAY 
> to discourage these ssh attacks:
> 
> http://lists.debian.org/debian-user/2004/08/msg07107.html
> 
> But apparently FAIL_DELAY no longer applies to ssh.
> 
> I've since learned of TARPIT, but have no idea how to implement that 
> against ssh attacks. (I'm a desktop user, not a programmer or sys admin.)

  If you are desktop user, do you really need ssh access from
everywhere? If you need access to your machine from home, for example,
define IP range of your ISP in /etc/hosts.allow for ssh or shutdown sshd
entirely.

--
Alexei Chetroi

Reply to:

Prev by Date: Re: make xconfig & xfree???
Next by Date: Re: Software
Previous by thread: Re: make xconfig & xfree???
Next by thread: Re: SSH Cracking Attempts
Index(es):
- Date
- Thread