[CentOS] ssh attack
sophana
sophana at zizi.ath.cx
Tue Feb 14 14:33:24 UTC 2006
I successfully use denyhosts that will automatically blacklist ips after
several failed attempts.
I now have more than 70 IPs blacklisted.
John Merritt wrote:
> Hi,
>
> I get ssh connect attempts all the time, to my servers at home and at
> work. I've noticed lately they come from a certain ip address, hitting
> every 3 or 4 seconds, trying 50 or 100 different user names and
> passwords. And I get these sweeps from 2 or 3 ip addresses a day. I
> guess this is an automated attempt to guess a user/pass and break into
> a system.
>
> I tried to secure ssh better by putting in an AllowUsers line in
> sshd_config. Then I thought tcp wrappers and just putting in my own
> addresses in /etc/hosts.allow would be even better, until I found out
> that all mail to my email server would be rejected.
>
> I have 2 questions. One, is there anything you can do to stop these
> attempts, other than not running ssh?
>
> And two, do those ssh attempts every 3 or 4 seconds slow down a box,
> or put any strain on it?
>
> John
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
More information about the CentOS
mailing list