David Kaplowitz on 26 Apr 2005 15:28:07 -0000

Re: [PLUG] Increase in SSH break-in attempts?

Mike Leone wrote:

>Anybody else noticing an increase lately, in the number of break-in attempts
>via SSH? I'm seeing more and more things like this, over the last few weeks:

Yeah, since around October of 2004. I have a copy of the script
somewhere that I found on an advisory site when I was researching the
issue. It started out just polling for about 4-5 common users.
Apparently what you have is an expanded user list. Sad thing is this
script has apparently been working, hence its popularity.

I never worried as long as I never allowed root to log in via SSH, and
as long as I had a unique uid and a strong password. But for users on
larger systems, that may not be an option.

I finally got sick of the logs and moved my SSH listen port to some
high-numbered port, and my logs have cleaned up 100%. For me it was
well worth the inconvenience of having to use an alternative port. YMMV.



--
David Kaplowitz
UNIT Unix Systems group
Villanova University
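
Added example, not part of the original message or the script it mentions: a log summary that separates a source walking a username list from an ordinary mistyped password. The log lines are constructed, and the four-username threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in sshd's syslog format; the host, PIDs and
# addresses (RFC 5737 documentation ranges) are made up for this example.
SAMPLE_LOG = """\
Apr 26 03:12:01 host sshd[4101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Apr 26 03:12:03 host sshd[4103]: Failed password for illegal user guest from 192.0.2.10 port 40120 ssh2
Apr 26 03:12:05 host sshd[4105]: Failed password for illegal user admin from 192.0.2.10 port 40131 ssh2
Apr 26 03:12:07 host sshd[4107]: Failed password for root from 192.0.2.10 port 40140 ssh2
Apr 26 03:12:09 host sshd[4109]: Failed password for invalid user oracle from 192.0.2.10 port 40152 ssh2
Apr 26 09:30:44 host sshd[5200]: Failed password for dave from 198.51.100.7 port 51515 ssh2
Apr 26 09:30:52 host sshd[5200]: Accepted password for dave from 198.51.100.7 port 51515 ssh2
"""

# Older OpenSSH releases log "illegal user", newer ones "invalid user".
# The username is matched greedily and the pattern is anchored at the end of
# the line, so a username containing " from <addr> port <n>" cannot change
# which address the failure is attributed to.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def summarize(log_text):
    """Return {ip: {"attempts": n, "users": set, "root": n}} for failed logins."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "root": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        entry = stats[m.group("ip")]
        entry["attempts"] += 1
        entry["users"].add(m.group("user"))
        if m.group("user") == "root":
            entry["root"] += 1
    return dict(stats)

def user_list_scanners(stats, min_users=4):
    """Sources that tried at least min_users distinct usernames (assumed threshold)."""
    return sorted(ip for ip, e in stats.items() if len(e["users"]) >= min_users)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, e in sorted(stats.items()):
        print(ip, e["attempts"], "failed,", len(e["users"]), "usernames,", e["root"], "root")
    print("user-list scanners:", user_list_scanners(stats))
```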


Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug