Rundown on SSH Brute Force Attacks
An anonymous reader writes "Whitedust has a very interesting article on the recent SSH brute force attacks. The article goes into depth on how to monitor these attacks and to report them to the authorities. It also discusses various tools that are available. According to the article, mostly compromised Linux systems from outside of North America are responsible for the attacks. Even the author's DSL connection was getting break-in attempts."
Use AllowUsers and only have accounts that I want logging in. If some package/whatever creates an account and I don't know, it can't be exploited.
Any login not in that list just gets a Password: prompt over and over...
If my sshd_config gets changed I'm probably going to know.
The article states "200 to 300 times per day"...
This is only one box out of 63 for one day:
Authentication Failures:
unknown (xxxx.ip.secureserver.net): 2214 Time(s)
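Added example, not part of the thread or the article: a per-source tally of failed SSH logins like the logwatch count above, split by whether the guessed name is one an AllowUsers list (as in the earlier comment) would admit. The config fragment and log lines are constructed, and the log wording assumes current OpenSSH syslog messages.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase

# Constructed sample data (not from the thread); addresses are documentation ranges.
SSHD_CONFIG = """\
# constructed sshd_config fragment
PasswordAuthentication yes
AllowUsers alice deploy
"""
AUTH_LOG = """\
Jun  1 03:10:01 host sshd[101]: Failed password for invalid user test from 203.0.113.7 port 40122 ssh2
Jun  1 03:10:03 host sshd[102]: Failed password for invalid user guest from 203.0.113.7 port 40130 ssh2
Jun  1 03:10:05 host sshd[103]: Failed password for root from 203.0.113.7 port 40141 ssh2
Jun  1 03:11:40 host sshd[110]: Failed password for alice from 198.51.100.9 port 51515 ssh2
Jun  1 03:12:02 host sshd[111]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
"""

# Assumed log wording: "Failed password for [invalid user ]NAME from ADDR port N ssh2"
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")

def allowed_patterns(config_text):
    """Collect user patterns from every AllowUsers line (keyword is case-insensitive)."""
    patterns = []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0].lower() == "allowusers":
            # USER@HOST entries: keep the USER part only (host restriction ignored here).
            patterns += [f.split("@", 1)[0] for f in fields[1:]]
    return patterns

def summarize(log_text, patterns):
    """Per source: total failures, and failures aimed at names AllowUsers would admit."""
    total, against_allowed = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        user, src = m.groups()
        total[src] += 1
        if any(fnmatchcase(user, p) for p in patterns):
            against_allowed[src] += 1
    return total, against_allowed

if __name__ == "__main__":
    total, risky = summarize(AUTH_LOG, allowed_patterns(SSHD_CONFIG))
    for src, n in total.most_common():
        print(f"{src}: {n} failure(s), {risky[src]} against AllowUsers accounts")
```

Failures against names outside the list can never succeed, so the second count is the one worth alerting on.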
The article goes into depth on how to monitor these attacks and to report them to the authorities.
... how very ... twentieth-century.
....
The authorities
Better we should self-organize our collective defense.
Peer-to-peer government -- making the nation-state obsolete, one node at a time
-kgj