[CentOS] ssh attack

Tue Feb 14 13:03:35 UTC 2006
Peter Kjellström <cap at nsc.liu.se>

Peopled hav had lots of suggestions... pretty much everything has been 
suggested except for my approach:

1) don't use 1234 or test for password
2) ignore the suckers


On Monday 13 February 2006 23:58, John Merritt wrote:
> Hi,
> I get ssh connect attempts all the time, to my servers at home and at
> work. I've noticed lately they come from a certain ip address, hitting
> every 3 or 4 seconds, trying 50 or 100 different user names and
> passwords. And I get these sweeps from 2 or 3 ip addresses a day. I
> guess this is an automated attempt to guess a user/pass and break into a
> system.
> I tried to secure ssh better by putting in an AllowUsers line in
> sshd_config. Then I thought tcp wrappers and just putting in my own
> addresses in /etc/hosts.allow would be even better, until I found out
> that all mail to my email server would be rejected.
> I have 2 questions. One, is there anything you can do to stop these
> attempts, other than not running ssh?
> And two, do those ssh attempts every 3 or 4 seconds slow down a box, or
> put any strain on it?
> John

  Peter Kjellström               |
  National Supercomputer Centre  |
  Sweden                         | http://www.nsc.liu.se
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20060214/a54cc143/attachment-0002.sig>