Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Vista
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Focus On: Vista
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Analyzing Malicious SSH Login Attempts
Christian Seifert
Comments
Mode:
Threaded
Flat
Expand all
|
Post comment
Analyzing malicious SSH login attempts
2006-09-12
Anonymous
Analyzing malicious SSH login attempts
2006-09-12
Peter N. M. Hansteen
(2 replies)
Re: Analyzing malicious SSH login attempts
2006-09-19
scolsuckz
Re: Analyzing malicious SSH login attempts
2006-11-26
Anonymous
Analyzing malicious SSH login attempts
2006-09-12
Henry Escobar
Analyzing malicious SSH login attempts
2006-09-13
Anonymous
Analyzing malicious SSH login attempts
2006-09-15
Ron Jennings
Analyzing malicious SSH login attempts
2006-09-16
Anonymous
Analyzing malicious SSH login attempts
2006-09-19
Alex LaHurreau
Analyzing malicious SSH login attempts
2006-09-26
Russ
(1 replies)
Re: Analyzing malicious SSH login attempts
2006-10-26
Anonymous
Analyzing Malicious SSH Login Attempts
2006-11-06
Anonymous
(1 replies)
This has been an annoyance for me for quite a while.
My home firewall host has the following rules added to the iptables ruleset to discourage such attacks:
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --rcheck --seconds 180 --name sshrecent --rsource -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m recent --set --name sshrecent --rsource
I've found this to be quite discouraging. If you want to try to guess my long, pseudo-random password over the course of 3 years, go ahead and try!
It's annoying to wait 180 seconds to connect again, but what are you gonna do? I'll definitely look into the blocking tool mentioned above. Thanks.
[ reply ]
Link to this comment:
http://www.securityfocus.com/comments/infocus/1876/745#745
Re: Analyzing Malicious SSH Login Attempts
2007-01-16
Anonymous
(1 replies)
Re: Re: Analyzing Malicious SSH Login Attempts
2007-10-17
Anonymous
Analyzing Malicious SSH Login Attempts
2008-03-31
Anonymous
(1 replies)
Re: Analyzing Malicious SSH Login Attempts
2008-05-04
zulu
Privacy Statement
Copyright 2007, SecurityFocus
My home firewall host has the following rules added to the iptables ruleset to discourage such attacks:
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --rcheck --seconds 180 --name sshrecent --rsource -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m recent --set --name sshrecent --rsource
I've found this to be quite discouraging. If you want to try to guess my long, pseudo-random password over the course of 3 years, go ahead and try!
It's annoying to wait 180 seconds to connect again, but what are you gonna do? I'll definitely look into the blocking tool mentioned above. Thanks.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1876/745#745