[CentOS] sshd: Authentication Failures: 137 Time(s)
m.roth at 5-cent.us
Mon Apr 4 18:21:03 UTC 2011
David G. Miller wrote:
> Rainer Traut <tr.ml at ...> writes:
>
>>
>> to prevent scripted dictionary attacks to sshd
>> I applied those iptables rules:
> SNIP
>
> Lots of good advice from several people. All of the suggested solutions
> mean you still have to wade through log entries from the unsuccessful
> attacks.
Except for tools like fail2ban.
>
> I've been quite happy with similar IP tables rules but I moved sshd to
> listen on something other than port 22 for external connections. I haven't
> seen a single brute force attack since making the move and all unsuccessful
> attempts to login via ssh get logged so it's not like attackers can stay
> below my radar.
>
> It seems that the script kiddies who are responsible for most of these
> attacks don't bother scanning (nmap) before the attack. If port 22 isn't
> open they move elsewhere. If I ever see any failed login attempts I can
> assume that the perpetrator is at least a little more skilled than usual
> and possibly take additional action.
*sigh*
It's not even script kiddies much, anymore: it's China, and Brazil, and
then, way down, Russia, Thailand, Italy, the Netherlands, etc, etc. -
botnets.
Some are, obviously, with misspelled logins (from last night: comercial,
or a, aa, aaa) but some do know: root, oracle, netdump....
mark "ah, to return to the good ol' days, before Cantor and Siegal"