Firewall Wizards mailing list archives
Re: SSH brute force attack
From: David Ross <David.Ross () isrc qut edu au>
Date: Sun, 03 Jul 2005 21:37:43 +0000
Toderick, Lee W wrote:
Our computers running SSH daemons have logged attacks. The attacks begin with a scan logged "Did not receive identification string from x.x.x.x", followed approximately 15 minutes later with "Illegal user " or " Failedpassword for root".Does anyone have information or documentation about this scan/attack?
I see it daily - and usually ignore it.Sometimes I filter the address blocks if they belong to ISPs in countries that I am unlikely to visit (and hence ssh from).
That keeps the logs manageable. -- David Ross _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: SSH brute force attack Paul Melson (Jul 01)
- <Possible follow-ups>
- Re: SSH brute force attack Mark Tinberg (Jul 01)
- RE: SSH brute force attack Mathew Want (Jul 01)
- Re: SSH brute force attack David Ross (Jul 05)
- Re: SSH brute force attack Marko Jakovljevic (Jul 06)
- RE: SSH brute force attack Mark Ness (Jul 18)
- Re: RE: SSH brute force attack Mark Ness (Jul 21)
- Re: RE: SSH brute force attack Christine Kronberg (Jul 21)