[CentOS] sshd: Authentication Failures: 137 Time(s)

Mon Apr 4 19:15:28 UTC 2011
Ljubomir Ljubojevic <office at plnet.rs>

David G. Miller wrote:

> Rainer Traut <tr.ml at ...> writes:
> 
>> Hi,
>>
>> to prevent scripted dictionary attacks to sshd
>> I applied those iptables rules:
> SNIP
> 
> Lots of good advice from several people.  All of the suggested solutions mean
> you still have to wade through log entries from the unsuccessful attacks.  
> 
> I've been quite happy with similar IP tables rules but I moved sshd to listen on
> something other than port 22 for external connections.  I haven't seen a single
> brute force attack since making the move and all unsuccessful attempts to login
> via ssh get logged so it's not like attackers can stay below my radar.
> 
> It seems that the script kiddies who are responsible for most of these attacks
> don't bother scanning (nmap) before the attack.  If port 22 isn't open they move
> elsewhere.  If I ever see any failed login attempts I can assume that the
> perpetrator is at least a little more skilled than usual and possibly take
> additional action.
> 
> Cheers,
> Dave
> 

I use Denyhosts for my security. All attacking IP's are blocked 
automatically and sent to Denyhosts database server. Those IP's, from 
around the world are then shared amongst all denyhosts users/systems, so 
   I am already protected from IP's attacking others.

Ljubomir