Re: how to react on ssh attacks?

akonstam_at_trinity.edu
Date: 10/24/05

  • Next message: tlc: "Re: nvidia or ati ?" 
    Date: Mon, 24 Oct 2005 08:36:19 -0500
To: For users of Fedora Core releases <fedora-list@redhat.com>

    On Mon, Oct 24, 2005 at 12:09:21PM +0000, Stephanus Fengler wrote:
    > Boris Glawe wrote:
    >
    > >
    > >>
    > >>
    > >>So shell I worry about it or do I need to do some countermeasures?
    > >
    > >
    > >
    > >Just ignore it, if your passwords are long enough and are NOT based on
    > >words that can be found in dictionaries. Change the passwords from
    > >time to time AND keep your sshd up to date.
    > >
    > >If I have too many root login requests (>200) and I'am able to find
    > >out the attackers provider (with nslookup <ip-address>), I sometimes
    > >write an abuse report to the provider.
    > >
    > >Most of these are attacks are script kiddies who are only successfull
    > >in case that your password is emty or matches the username
    > >
    > >greets Boris
    > >
    > Hi Boris
    > Since I need the ssh service, I can't disable it. Actually counting the
    > number of root pw attacks it was 540 within 28 mins after then he
    > switched over to pw guessing for random usernames for another 500 times
    > and 25 mins. Anyway nslookup gives:
    >
    > nslookup 81.208.32.170
    > Server: 134.60.1.111
    > Address: 134.60.1.111#53
    >
    > Non-authoritative answer:
    > 170.32.208.81.in-addr.arpa name = 81-208-32-170.ip.fastwebnet.it.
    >
    Yoiu might get a little more information from: whois 81.208.32.170
    -------------------------------------------
    Aaron Konstam
    Computer Science
    Trinity University
    telephone: (210)-999-7484 

    -- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: tlc: "Re: nvidia or ati ?"