[CentOS] sshd: Authentication Failures: 137 Time(s)
Rainer Traut
tr.ml at gmx.de
Mon Apr 4 13:07:24 UTC 2011
Am 04.04.2011 12:34, schrieb Marian Marinov:
>> How is it possible for an attacker to try to logon more then 4 times?
>> Can the attacker do this with only one TCP/IP connection without
>> establishing a new one?
>> Or have the scripts been adapted to this?
>
> The attackers are not trying constantly.. Just a few bursts of trys.
>
> Look at denyhosts ( http://denyhosts.sourceforge.net/ ).
> I also have a tool for protecting from brute force attacks called Hawk (
> https://github.com/hackman/Hawk-IDS-IPS ).
Ok, thanks to both of you, it seems the scripts getting better and better.
Will change my iptables rule to keep the blacklist for longer.
Thx
Rainer
More information about the CentOS
mailing list