[CentOS] sshd: Authentication Failures: 137 Time(s)
Marian Marinov
mm at yuhu.biz
Mon Apr 4 18:31:41 UTC 2011
On Monday 04 April 2011 21:08:45 David G.Miller wrote:
> Rainer Traut <tr.ml at ...> writes:
> > Hi,
> >
> > to prevent scripted dictionary attacks to sshd
>
> > I applied those iptables rules:
> SNIP
>
>
> Lots of good advice from several people. All of the suggested solutions
> mean you still have to wade through log entries from the unsuccessful
> attacks.
>
> I've been quite happy with similar IP tables rules but I moved sshd to
> listen on something other than port 22 for external connections. I
> haven't seen a single brute force attack since making the move and all
> unsuccessful attempts to login via ssh get logged so it's not like
> attackers can stay below my radar.
This does not help if you provide a public services like shared hosting. We
have all of our ssh daemons listening on different port. It was ok for a month
or two... and then it became almost the same.
>
> It seems that the script kiddies who are responsible for most of these
> attacks don't bother scanning (nmap) before the attack. If port 22 isn't
> open they move elsewhere. If I ever see any failed login attempts I can
> assume that the perpetrator is at least a little more skilled than usual
> and possibly take additional action.
>
> Cheers,
> Dave
>
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
--
Best regards,
Marian Marinov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20110404/20d236f9/attachment.sig>
More information about the CentOS
mailing list