Mike Leone on 26 Apr 2005 18:24:08 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Increase in SSH break-in attempts?


Paul L. Snyder (plsnyder@drexel.edu) had this to say on 04/26/05 at 10:40: 
> Quoting Mike Leone <turgon@mike-leone.com>:
> 
> > Anybody else noticing an increase lately, in the number of break-in
> > attempts
> > via SSH? I'm seeing more and more things like this, over the last few
> > weeks:
> [...]
> > > Apr 26 09:46:37 mail sshd[23206]: Failed password for illegal user
> > jordan from 72.21.36.122 port 57322 ssh2
> > > Apr 26 09:46:39 mail sshd[23208]: Failed password for illegal user
> > michael from 72.21.36.122 port 57420 ssh2
> 
> I saw something like this on my home system about two months back, with
> a similarly inane list of usernames...definitely scripty/wormy activity.
> 
> When I noticed, I disabled password authentication for ssh...I use key-
> based auth for the most part, anyway.

You mean certificates? That works well if you connect from the same machine
all the time, but what do you do to check in with your home system if you
happen to be at your buddy's house, for example? Or am I misunderstanding?

> 
> I've been meaning to play around with port knocking.  Any thoughts
> from folks who've experimented with it or are using it now?
> 
> pls
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug