[CentOS] sshd: Authentication Failures: 137 Time(s)

Mon Apr 4 18:08:45 UTC 2011
David G. Miller <dave at davenjudy.org>

Rainer Traut <tr.ml at ...> writes:

> 
> Hi,
> 
> to prevent scripted dictionary attacks to sshd
> I applied those iptables rules:
SNIP
> 

Lots of good advice from several people.  All of the suggested solutions mean
you still have to wade through log entries from the unsuccessful attacks.  

I've been quite happy with similar IP tables rules but I moved sshd to listen on
something other than port 22 for external connections.  I haven't seen a single
brute force attack since making the move and all unsuccessful attempts to login
via ssh get logged so it's not like attackers can stay below my radar.

It seems that the script kiddies who are responsible for most of these attacks
don't bother scanning (nmap) before the attack.  If port 22 isn't open they move
elsewhere.  If I ever see any failed login attempts I can assume that the
perpetrator is at least a little more skilled than usual and possibly take
additional action.

Cheers,
Dave