SSH Cracking Attempts
From: Jacob S (stormspotter_at_6Texans.net)
Date: 09/29/04
- Previous message: disciple_at_exis.net: "Firefox Install"
- Next in thread: Nicolas: "Re: SSH Cracking Attempts"
- Reply: Nicolas: "Re: SSH Cracking Attempts"
- Reply: Matthijs: "Re: SSH Cracking Attempts"
- Reply: Kevin Mark: "Re: SSH Cracking Attempts"
- Reply: Joe: "Re: SSH Cracking Attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 29 Sep 2004 14:09:58 -0500 To: debian-user@lists.debian.org
Every other day or so now I'm seeing attempts in my servers logs where
some remote machine starts trying to guess a username/password
combination to ssh into the server. They try everything from 'test', to
'NOUSER', 'guest', 'root', etc., doing at least one login attempt per
second, each time from a different source port.
So, my question is this. Is there a way to tell ssh to refuse
connections from an ip address after a certain number of failed login
attempts, or is snort the only way to do something like this? So far
I've been taking the manual approach, blocking the ip address with
my firewall after I see it hitting the logs, but that can give them
about an hour to play before I notice it (e-mailed to me by logcheck).
Any suggestions?
TIA,
Jacob
-- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- Previous message: disciple_at_exis.net: "Firefox Install"
- Next in thread: Nicolas: "Re: SSH Cracking Attempts"
- Reply: Nicolas: "Re: SSH Cracking Attempts"
- Reply: Matthijs: "Re: SSH Cracking Attempts"
- Reply: Kevin Mark: "Re: SSH Cracking Attempts"
- Reply: Joe: "Re: SSH Cracking Attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
- Re: SSH Cracking Attempts
... > Every other day or so now I'm seeing attempts in my servers logs where ...
> some remote machine starts trying to guess a username/password ... > combination
to ssh into the server. ... > connections from an ip address after a certain number
of failed login ... (Debian-User) - Re: SSH Cracking Attempts
... > From: Jacob S ... > Every other day or so now I'm seeing attempts in
my servers logs where ... > combination to ssh into the server. ... >
connections from an ip address after a certain number of failed login ... (Debian-User) - Re: SSH Blocking
... > by trying multiple SSH logins with all sorts of names. ... > failed
login attempts as any user? ... but it may be simpler to change the port that SSH listens
on. ... Changing SSH port is 'really' more secure ... (Debian-User) - Re: Opening ports in my firewall
... All except SSH ... I see failed login attempts in ... > so
I'd rather leave the ssh port open. ... and not allowing manual password logins.
... (comp.os.linux.security) - Re: Delay between failed login attempts? (OpenSSH)
... I get hackers trying to ssh into my server all the time and /var/log/
... Can I increase the delay between failed login attempts? ... (comp.security.ssh)
