Rundown on SSH Brute Force Attacks
An anonymous reader writes "Whitedust has a very interesting article on the recent SSH brute force attacks. The article goes into depth on how to monitor these attacks and to report them to the authorities. It also discusses various tools that are available. According to the article, mostly compromised Linux systems from outside of North America are responsible for the attacks. Even the author's DSL connection was getting break-in attempts."
That's probably the IP of one of their previous victims. If you wanted to have fun, rename the role account they're trying for, create a "root" with almost no access that uses Zork (dungeon) as its shell. (Probably best to try this on the junk spare Pentium box, just in case.)
One line blog. I hear that they're called Twitters now.
I wrote a program that was utterly immune to buffer overflow and other attacks, and use that program to enable SSH for just the IP address I'm coming from.
Apart from the commendable fact that you seem to write safer code than those SSH clueless developers, I'm surprised at SSH not having some, you know, way to restrict SSH access to a few IPs. Like a sshd_config directive called RhostsAuthentication. Also I can't believe OSs nowadays don't have a firewall or something to save you the work of doing something as l33t as that program clearly must be.
Boy, I wanna be like you when I grow up.