RE: [PLUG] ssh brute force attacks & real time offending IP lists

Mark Baker on 26 Jul 2007 15:36:58 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

RE: [PLUG] ssh brute force attacks & real time offending IP lists

From: "Mark Baker" <mark.baker@hxti.com>

To: plug@lists.phillylinux.org

Subject: RE: [PLUG] ssh brute force attacks & real time offending IP lists

Date: Thu, 26 Jul 2007 11:36:46 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

I use ssh keys, so I am not very worried about the ssh accounts being compromised. However, the company I work for stores very sensitive medical data & any attack or brute force attempt is more than I want to risk. Mark > -----Original Message----- > From: Bill Hance [mailto:bill@billhance.com] > Sent: Thursday, July 26, 2007 10:51 AM > To: Philadelphia Linux User's Group Discussion List > Subject: Re: [PLUG] ssh brute force attacks & real time offending IP lists > > > > >> I was also wondering if any of you are blocking the ip classes of china > >> and > >> other countries where it seams most of these attacks are originating. I > >> am > >> receiving these Ssh brute force attacks at an increasing rate, several > a > >> night, and am just looking for ways to be proactive and not reactive to > >> each > >> attack. > > > > That decision is yours. If you have no reason to allow logins from a > > given address space and its giving you problems, then blocking it is a > > valid solution. > > > > > If you have proper passwords, that wont be guessed in a million years, > why worry? Let the kiddies play with their scripts... :-) > > You could always configure SSH so that only user s7&k-sM is allowed to > connect. Then, the kiddies would never even guess the username much > less the password. > > I can't imagine SSH attempts waste much bandwidth. > > -Bill > > > ________________________________________________________________________ __ > _ > Philadelphia Linux Users Group -- > http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug- > announce > General Discussion -- > http://lists.phillylinux.org/mailman/listinfo/plug ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] ssh brute force attacks & real time offending IP lists
From: "darin strait" <darin.strait@ashdar-partners.com>

References:

Re: [PLUG] ssh brute force attacks & real time offending IP lists
From: "Bill Hance" <bill@billhance.com>

Prev by Date: [PLUG] Edubuntu logging out everytime an app is closed

Next by Date: Re: [PLUG] ssh brute force attacks & real time offending IP lists

Previous by thread: Re: [PLUG] ssh brute force attacks & real time offending IP lists

Next by thread: Re: [PLUG] ssh brute force attacks & real time offending IP lists

Index(es):

Date

Thread