[H-GEN] Blocking SSH exploits
Sarah Walters
s.walters at its.uq.edu.au
Sun Aug 22 05:12:15 EDT 2004
Hi all,

In the daily security report generated by our FreeBSD box, we've been
getting a lot of messages like the following lately:

tempus.walters.id.au login failures:
Aug 21 09:07:25 tempus sshd[14677]: Failed password for root from 219.238.239.178 port 39247 ssh2
Aug 21 09:11:48 tempus sshd[14715]: Failed password for root from 218.38.14.54 port 46055 ssh2
Aug 21 09:11:52 tempus sshd[14717]: Failed password for root from 218.38.14.54 port 46156 ssh2
Aug 21 21:18:49 tempus sshd[16716]: Failed password for root from 203.172.67.151 port 3989 ssh2
Aug 21 21:18:56 tempus sshd[16720]: Failed password for root from 203.172.67.151 port 4110 ssh2

Of course we don't have SSH enabled for root under any circumstances,
but we do SSH home frequently so would not want to block external IPs
altogether. Has anyone seen a similar increase in such attempts, and is
there something out there that I should know about?

By the way, we are thinking that it would be nice to be able to block
IPs that make any such attempts automatically, probably for about 10
minutes. Does anyone know how to do this, and would it be worthwhile trying?

Regards,
Sarah Walters
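
One way to turn log lines like those in the post into temporary blocks of about 10 minutes, as an added example that is not part of the original post. It counts only failed logins for root, which the post says never logs in over SSH, so a mistyped password on a real account does not trigger a block. The function names and sample log lines are constructed for illustration, and handing the result to a firewall is left out.

```python
import re
from datetime import datetime, timedelta

# Matches the sshd line format quoted in the post.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3}) port \d+"
)

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
Aug 21 09:07:25 tempus sshd[14677]: Failed password for root from 192.0.2.10 port 39247 ssh2
Aug 21 09:11:48 tempus sshd[14715]: Failed password for root from 198.51.100.7 port 46055 ssh2
Aug 21 09:11:52 tempus sshd[14717]: Failed password for root from 198.51.100.7 port 46156 ssh2
Aug 21 09:15:02 tempus sshd[14730]: Failed password for sarah from 203.0.113.5 port 50211 ssh2
Aug 21 09:15:10 tempus sshd[14731]: Accepted password for sarah from 203.0.113.5 port 50213 ssh2
""".splitlines()


def parse_failures(lines, year, users=("root",)):
    """Yield (timestamp, ip) for failed logins to accounts that never use SSH."""
    for line in lines:
        m = FAILED.match(line)
        if m and m.group("user") in users:
            # Syslog timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("ip")


def block_windows(lines, year, block_for=timedelta(minutes=10)):
    """Map each offending IP to [start, end] block intervals."""
    windows = {}
    for ts, ip in sorted(parse_failures(lines, year)):
        spans = windows.setdefault(ip, [])
        if spans and ts <= spans[-1][1]:
            spans[-1][1] = ts + block_for  # attempt during a block pushes expiry out
        else:
            spans.append([ts, ts + block_for])
    return windows


def blocked_at(windows, when):
    """Return the sorted IPs that would be blocked at the given time."""
    return sorted(ip for ip, spans in windows.items()
                  if any(start <= when <= end for start, end in spans))
```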