[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security

michael wrote:

> I notice that frequently many machines around here get attacked by a
> potential hacker (a prog I guess) trying lots of usernames to get in to
> all the machines, using the same set of usernames at the same time. Have
> people seen this on their machines? I'm guessing it's a virus/worm on a
> Windows box doing this but does anybody know more?

It's an attempt to brute force passwords for root and other accounts using
SSH by an automated script. The Internet Storm Center has posted
information about it several times. Google for the following for more

"SSH scanning" site:isc.sans.org

The short answer is that, if you don't use easy-to-guess passwords on your
system, you won't have a problem.

You could also do any of the following:

1) Configure SSH to use keys instead of passwords
2) Using iptables, allow only a few IP addresses access to SSH
3) Run SSH on a non-standard port
4) Implement port knocking to guard access to SSH


Reply to: