Re: Reporting brute force ssh login attempts
On Wed, 15 Nov 2006 18:51:02 +0000
Shri Shrikumar <shri@kraya.co.uk> wrote:
> Hi All,
>
> I have a few servers on which there is a regular penetration
> attempts using brute force password guessing bots.
>
> There is little risk to the server but am getting more and more
> annoyed by this and as far as I can see am left with two options.
>
> 1. Report each ip address that does this. However, a lot of them
> seems to be from asia with no proper abuse@ address to contact.
> Additionally, this can be very time consuming.
>
> 2. Change the port number that ssh uses to something else. This
> has the annoyance that I need to pass the new port number in each
> time I want to log-in.
>
> 3. Ignore the issue. Very annoying since logwatch and logcheck
> constantly complain about it. However, I can add filters so it
> annoys me less.
>
> Is there a another option? Alternatively, is there a way of
> automatically reporting offending ip's?
>
> Any input in this matter greatly appreciated.
>
> Best Wishes,
>
>
> Shri
>
I assume you're using a firewall? Give anyone who tries to access
ssh a couple of attempts in a minute, then it drops them.
--
Raquel
============================================================
What is hateful you do not do to your neighbor: that is the whole
Torah.
--Shammai
Reply to: