darin strait on 26 Jul 2007 15:52:47 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ssh brute force attacks & real time offending IP lists

Did I miss the discussion of why fail2ban is an inappropriate solution?

-- d

On 7/26/07, Mark Baker <mark.baker@hxti.com > wrote:
I use ssh keys, so I am not very worried about the ssh accounts being
compromised.  However, the company I work for stores very sensitive
medical data & any attack or brute force attempt is more than I want to
risk.

Mark

> -----Original Message-----
> From: Bill Hance [mailto: bill@billhance.com]
> Sent: Thursday, July 26, 2007 10:51 AM
> To: Philadelphia Linux User's Group Discussion List
> Subject: Re: [PLUG] ssh brute force attacks & real time offending IP
lists
>
> >
> >> I was also wondering if any of you are blocking the ip classes of
china
> >> and
> >> other countries where it seams most of these attacks are
originating. I
> >> am
> >> receiving these Ssh brute force attacks at an increasing rate,
several
> a
> >> night, and am just looking for ways to be proactive and not
reactive to
> >> each
> >> attack.
> >
> > That decision is yours. If you have no reason to allow logins from a
> > given address space and its giving you problems, then blocking it is
a
> > valid solution.
> >
>
>
>   If you have proper passwords, that wont be guessed in a million
years,
> why worry?  Let the kiddies play with their scripts...   :-)
>
>   You could always configure SSH so that only user s7&k-sM is allowed
to
> connect.  Then, the kiddies would never even guess the username much
> less the password.
>
>   I can't imagine SSH attempts waste much bandwidth.
>
>   -Bill
>
>
>
________________________________________________________________________
__
> _
> Philadelphia Linux Users Group         --
> http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-
> announce
> General Discussion  --
> http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --         http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug