[H-GEN] Re: Blocking SSH exploits
Troy Piggins
troy at piggo.com
Sun Aug 22 19:16:03 EDT 2004
> From: Sarah Walters <s.walters at its.uq.edu.au>
>
> Hi all,
>
> In the daily security report generated by our FreeBSD box, we've been
> getting a lot of messages like the following lately:
<snip log>
> Of course we don't have SSH enabled for root under any circumstances,
> but we do SSH home frequently so would not want to block external IPs
> altogether. Has anyone seen a similar increase in such attempts, and is
> there something out there that I should know about?
>
> By the way, we are thinking that it would be nice to be able to block
> IPs that make any such attempts automatically, probably for about 10
> minutes. Does anyone know how to do this, and would it be worthwhile trying?
>
> Regards,
> Sarah Walters

I have been getting similar attempts, with attempted usernames of
root, test, and guest. The IP addresses change - whois indicated
the address blocks are from Ukraine, Korea, Japan, Italy -
basically all over the place. I came to the conclusion that the
owners of the IPs are not the ones doing it, but are compromised or
spoofed.

If you want ssh available to the outside world, I guess you just
have to ensure good username and password policies, and hope that
openssh has no security leaks or exploits ... and keep it up to
date.
--
T R O Y P I G G I N S
e : troy at piggo.com
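
The automatic 10-minute block asked about in the quoted message, as an added example that is not part of the original thread: it parses failed-password lines and computes which source IPs are blocked at a given moment and when each block expires. The log lines are constructed in OpenSSH syslog style (the log in the thread was snipped), the function names are hypothetical, and the threshold of 3 failures is an assumption so that one mistyped password from a legitimate remote login does not trigger a block.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog style (not from the original post).
SAMPLE_LOG = """\
Aug 22 03:12:01 gw sshd[4101]: Failed password for root from 203.0.113.5 port 4242 ssh2
Aug 22 03:12:04 gw sshd[4103]: Failed password for illegal user test from 203.0.113.5 port 4250 ssh2
Aug 22 03:12:07 gw sshd[4105]: Failed password for illegal user guest from 203.0.113.5 port 4261 ssh2
Aug 22 03:14:30 gw sshd[4120]: Failed password for sarah from 198.51.100.20 port 5120 ssh2
Aug 22 03:14:41 gw sshd[4120]: Accepted password for sarah from 198.51.100.20 port 5120 ssh2
Aug 22 03:30:00 gw sshd[4188]: Failed password for root from 192.0.2.77 port 3999 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def parse_failures(text, year):
    """Return (time, ip, user) per failed-password line; syslog omits the year."""
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((when, m["ip"], m["user"]))
    return events

def blocks_at(events, now, threshold=3, window=timedelta(minutes=10),
              block_for=timedelta(minutes=10)):
    """Map each IP that is blocked at `now` to the time its block expires."""
    recent = {}   # ip -> failure times still inside the sliding window
    expiry = {}   # ip -> end of the most recent block for that ip
    for when, ip, _user in sorted(events):
        if when > now:
            break  # ignore anything logged after the moment being evaluated
        times = [t for t in recent.get(ip, []) if when - t <= window] + [when]
        recent[ip] = times
        if len(times) >= threshold:
            expiry[ip] = when + block_for  # each new failure extends the block
    # Blocks whose expiry has passed drop out, which is the automatic unblock.
    return {ip: end for ip, end in expiry.items() if end > now}
```

The returned mapping is what a periodic job would reconcile against a firewall table: add the listed addresses, remove any that are no longer present.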