how to react on ssh attacks?
Rich Stanford
rich at stanfordsystems.org
Mon Oct 24 12:11:32 UTC 2005
On Monday 24 October 2005 5:51 am, Tom Yates wrote:
> On Mon, 24 Oct 2005, Stephanus Fengler wrote:
> > I recently checked my log files of my ssh service (so far as I
> > understand this is my only service open) and realized that from the very
> > same IP I got a lot of request trying to guess a user name on my system,
> > I assume. Since login name always changes in even chronological
> > alphabetical order.
> >
> > So shell I worry about it or do I need to do some countermeasures?
>
> in case this is of any use to anyone, i've made a web page out of the
> responses i got when i asked this question on a number of lists earlier
> this year, plus the details of the solution i went for.
>
> it's not pretty yet, but the emails are up at
> http://www.teaparty.net/technotes/ssh-rate-limiting.html. i'll make it
> prettier, make the links usable, that sort of thing, as time permits.
> hope it's useful to someone.
>
>
> --
>
> Tom Yates - http://www.teaparty.net
I found the following article very helpful. Fairly easy to set up and has
eliminated about 90% of these automatic scans.
http://www.linux.com/article.pl?sid=05/09/15/1655234
Rich
More information about the fedora-list
mailing list