lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: miriamchan at geocities.com (Miriam Chan) Subject: Re: Any update on SSH brute force attempts? Jay Libove wrote: > Recently, a couple of times a week, I see repeats of this which now have > as many as fifty different accounts being attacked. (Almost none of which > exist on my server, and none of which will have common passwords > thankyouverymuch). By the way, I started to suspect that the attacks were intentional (not just some games by some script kiddies.) I had some servers accepting SSH connections from anywhere (this is for easy access, and I know it is not a very good idea.) Before I set up a Portsentry-like mechanism to block the bad hosts, I got at least 5-6 attempts per day. Afterward, I got nearly none (just some 1-2 attempts a day.) The change looks simply too much for me. If I got some number of attacks a day, I would expect the same number of attacks the next day if the attackes were automatically done by some virus/worms. I wished that it was done by some virus, because (I think) a virus is not more malicious than a planned cracking behaviour. Do anyone have the same observations as me ? It should be great if you saw it and shared your ideas. Miriam.
Powered by blists - more mailing lists