[CentOS] sshd: Authentication Failures: 137 Time(s)
Rainer Traut
tr.ml at gmx.deMon Apr 4 09:18:43 UTC 2011
- Previous message: [CentOS] How to install wine ?
- Next message: [CentOS] sshd: Authentication Failures: 137 Time(s)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown (www.telkom.co.ke): 137 Time(s) unknown (mkongwe.jambo.co.ke): 130 Time(s) unknown (212.49.70.24): 107 Time(s) root (195.191.250.101): 8 Time(s) How is it possible for an attacker to try to logon more then 4 times? Can the attacker do this with only one TCP/IP connection without establishing a new one? Or have the scripts been adapted to this? Thx Rainer
- Previous message: [CentOS] How to install wine ?
- Next message: [CentOS] sshd: Authentication Failures: 137 Time(s)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list