Responding to a Brute Force SSH Attack

Responding to a Brute Force SSH Attack
Jamie Riden

It was a bad start to a Monday morning: I arrived at work to find the intrusion detection system so bogged down in alerts that it was barely responsive.

Expand all | Post comment

Responding to a Brute Force SSH Attack 2008-12-04
p0f-db (1 replies)

Re: Responding to a Brute Force SSH Attack 2008-12-08
Jamie

Responding to a Brute Force SSH Attack 2008-12-08
Mat

Responding to a Brute Force SSH Attack 2008-12-23
Anonymous (1 replies)

Re: Responding to a Brute Force SSH Attack 2009-04-28
Anonymous

Responding to a Brute Force SSH Attack 2009-01-06
Anonymous

Responding to a Brute Force SSH Attack 2009-01-21
Anonymous

Responding to a Brute Force SSH Attack 2009-01-27
Jansen Sena (jansen (at) jsena (dot) info [email concealed])

I used to run SSH daemon in an unsual port like showed in the article. Together with this configuration, I like to use fwknop to implement SPA (Single Packet Authorisation). In this case, the SSH daemon will be reachable just from the pre-authorised sources.

If SPA is useful to your reality, consider to use it!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1903/1264#1264

Responding to a Brute Force SSH Attack 2009-02-23
Anonymous

Responding to a Brute Force SSH Attack 2009-03-11
Anonymous

Responding to a Brute Force SSH Attack 2009-05-11
Anonymous

Responding to a Brute Force SSH Attack 2009-07-17
Anonymous