Firewall Wizards mailing list archives
Re: SSH brute force attack
From: Mark Tinberg <mtinberg () securepipe com>
Date: Thu, 30 Jun 2005 15:11:58 -0500 (CDT)
On Fri, 24 Jun 2005, Toderick, Lee W wrote:
> Our computers running SSH daemons have logged attacks. The attacks begin with a scan logged "Did not receive identification string from x.x.x.x", followed approximately 15 minutes later with "Illegal user " or " Failed password for root".
That's pretty much normal, people are scanning for easy to access ssh services all the time. The way to deal with this is to not allow worldwide access to your ssh daemon. OpenSSH has not had a perfect security track record, for security software it has a lot of extraneous functionality, so you have to protect it just like you'd protect any other service. If you absolutely have to expose it to the world (you run a shellbox for example) then at least take the precaution of disabling direct root access, having a very strict password policy (which is enforced) and turning off features you don't need (like port forwarding, SOCKS proxy, X forwarding, SFTP, etc.).

-- 
Mark Tinberg <MTinberg () securepipe com>
Network Administrator, SecurePipe Inc.
Key fingerprint = FAEF 15E4 FEB3 08E8 66D5 A1A1 16EE C5E4 E523 6C67
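
One way to check an existing sshd_config against the settings recommended in the message above, as an added example that is not part of the original post or of OpenSSH itself. The sample config is constructed, and the defaults used for unset keywords are assumed from current OpenSSH releases.

```python
import re

# Settings named in the message: keyword -> (wanted value, default when unset).
# The defaults are an assumption taken from current OpenSSH; older releases differ.
CHECKS = {
    "permitrootlogin": ("no", "prohibit-password"),
    "allowtcpforwarding": ("no", "yes"),  # also governs ssh -D SOCKS proxying
    "x11forwarding": ("no", "no"),
}

# Constructed sample config, not taken from the original post.
SAMPLE = """\
PermitRootLogin no
permitrootlogin yes
X11Forwarding yes
Subsystem sftp /usr/lib/openssh/sftp-server
Match User backup
    AllowTcpForwarding no
"""

def effective_settings(text):
    """Parse the global section; sshd keeps the FIRST value seen per keyword."""
    settings, subsystems = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            break  # Match blocks are conditional; only global settings are audited
        if key == "subsystem" and value:
            subsystems.append(value.split()[0].lower())
        else:
            settings.setdefault(key, value.lower())
    return settings, subsystems

def audit(text):
    """Return findings where the config departs from the message's advice."""
    settings, subsystems = effective_settings(text)
    findings = []
    for key, (wanted, default) in CHECKS.items():
        actual = settings.get(key, default)
        if actual != wanted:
            origin = "set" if key in settings else "default"
            findings.append(f"{key} is {actual} ({origin}), expected {wanted}")
    if "sftp" in subsystems:
        findings.append("sftp subsystem is enabled")
    return findings
```

Calling `audit(SAMPLE)` reports the forwarding, X11 and SFTP settings; the duplicate `permitrootlogin yes` is ignored because the earlier `no` wins, and the `AllowTcpForwarding no` inside the Match block does not count as a global setting.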