lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.58.0410151517180.29672@panther6.felines.org>
From: libove at felines.org (Jay Libove)
Subject: Any update on SSH brute force attempts?

A month or three back, I engaged in some conversation with others here on
full-disclosure about brute force login attempts several of us were seeing
on our SSH servers.  Brute force isn't really the right description, as
each account is only tried a few times (root gets about 50).  As we
surmised before, this still looks like an attack looking for certain known
ID/password combinations.

Recently, a couple of times a week, I see repeats of this which now have
as many as fifty different accounts being attacked.  (Almost none of which
exist on my server, and none of which will have common passwords
thankyouverymuch).

What are you doing/changing about your SSH configurations to reduce the
possibility of these attacks finding any kind of hole in the OpenSSH
software (that's what I run, so that's the only version I'm particularly
concerned about) ?  Are you doing anything at all?

Thanks
-Jay

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ