[CentOS] sshd: Authentication Failures: 137 Time(s)

Mon Apr 4 18:31:41 UTC 2011
Marian Marinov <mm at yuhu.biz>

On Monday 04 April 2011 21:08:45 David G.Miller wrote:
> Rainer Traut <tr.ml at ...> writes:
> > Hi,
> > 
> > to prevent scripted dictionary attacks to sshd
> 
> > I applied those iptables rules:
> SNIP
> 
> 
> Lots of good advice from several people.  All of the suggested solutions
> mean you still have to wade through log entries from the unsuccessful
> attacks.
> 
> I've been quite happy with similar IP tables rules but I moved sshd to
> listen on something other than port 22 for external connections.  I
> haven't seen a single brute force attack since making the move and all
> unsuccessful attempts to login via ssh get logged so it's not like
> attackers can stay below my radar.

This does not help if you provide a public services like shared hosting. We 
have all of our ssh daemons listening on different port. It was ok for a month 
or two... and then it became almost the same.


> 
> It seems that the script kiddies who are responsible for most of these
> attacks don't bother scanning (nmap) before the attack.  If port 22 isn't
> open they move elsewhere.  If I ever see any failed login attempts I can
> assume that the perpetrator is at least a little more skilled than usual
> and possibly take additional action.
> 
> Cheers,
> Dave
> 
> 
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

-- 
Best regards,
Marian Marinov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20110404/20d236f9/attachment-0005.sig>