[Cialug] denyhosts logging LOTS of attacks
Barry Von Ahsen
barry at vonahsen.com
Tue May 13 22:49:04 CDT 2008
this doesn't help either:
http://wiki.debian.org/SSLkeys
debian etch and ubuntu folks, update your openssl
-barry
Josh More wrote:
> Yes, SSH attacks are spiking right now. More details here:
> http://isc.sans.org/diary.html?storyid=4408
>
>
>
> -Josh More, RHCE, CISSP, NCLP, GIAC
> morej at alliancetechnologies.net
> 515-245-7701
>
>>>> David Bierce <david at bierce.org> 05/13/08 11:56 AM >>>
> SSH attacks for all the machines I manage with external SSH seem to
> come in spirts and not to all machines at the same time.
>
> It's mostly gone away now that I slow down/stop connections at the
> firewall using a 3 strikes and you're denied for a minute approach at
> the firewall for hosts trying to connect via SSH.
>
> Dave
> On May 13, 2008, at 11:49 AM, Kendall Bailey wrote:
>
>> I run an SSH server on port 22 as my only public service. I run the
>> denyhosts daemon to protect against dictionary attacks and lock down
>> SSH pretty thoroughly in other regards, but still allow connection
>> from any host otherwise. The last few days I've seen hundreds of
>> hosts logged by denyhosts. Anyone know why random dictionary attacks
>> might be spiking? Is it widespread? I'm considering closing that
>> port for a while.
>>
>> Thanks.
>> Kendall
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list