Glenn Kelley on 9 Dec 2008 20:19:48 -0800



Re: [PLUG] Brute force SSH attack confounds defenders


KEYS KEYS KEYS

Something tells me what we all already know is going to become a must,
that and changing the SSH port.

For us - we block our SSH ports except to specific IP ranges.
Tends to help.


Perhaps a different approach is needed.

Imagine if we had a way to block brute force for any username not
assigned to the system automatically, i.e. 2 times max.


On Dec 9, 2008, at 11:06 PM, Brian Vagnoni wrote:

> There goes the neighborhood :-)
>
> ATTACKS
> --SSH Brute Force Attack Uses Botnet to Target Specific Servers
> (December 5 & 8, 2008)
> After noting a spike in failed SSH logins in October, researchers
> identified an ongoing brute-force attack that involves multiple
> machines that have been compromised with bot software.  The attacks
> target specific servers.  Researchers have not been able to obtain a
> sample of the botnet code used in the attack.
> http://www.theregister.co.uk/2008/12/08/brute_force_ssh_attack/
> http://www.heise-online.co.uk/security/Distributed-SSH-attacks-bypass-blacklists--/news/112174
>
>
>
> --------------------------------------------------
> Brian Vagnoni
> PGP Digital Fingerprint
> F076 6EEE 06E5 BEEF EBBD  BD36 F29E 850D FC32 3955
> --------------------------------------------------
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
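
An added example, not part of the original message or of any tool named in the thread: one way to implement the idea above of capping attempts against usernames that have no account, run over a constructed sshd log. The function name, reading "2 times max" as "block at the second attempt", and the sample log are assumptions; the `Invalid user NAME from ADDR` message is the one OpenSSH writes.

```python
import ipaddress
import re
from collections import defaultdict

# sshd logs "Invalid user NAME from ADDR [port N]" for names with no account.
# NAME is chosen by the client, so match it greedily and anchor at end of
# line: the address captured is then the last one, which sshd itself wrote.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<addr>\S+)(?: port \d+)?$"
)

def addresses_to_block(lines, max_attempts=2):
    """Return {address: [names tried]} for sources at or over max_attempts."""
    tried = defaultdict(list)
    for line in lines:
        m = INVALID_USER.search(line.rstrip())
        if not m:
            continue  # failures for real accounts and other messages are ignored
        try:
            addr = str(ipaddress.ip_address(m.group("addr")))
        except ValueError:
            continue  # a hostname or garbage where an address should be
        tried[addr].append(m.group("user"))
    return {a: names for a, names in tried.items() if len(names) >= max_attempts}

# Constructed sample log using documentation address ranges, not real traffic.
# The last two lines carry a username crafted to look like another source.
SAMPLE_LOG = """\
Dec  9 20:01:11 host sshd[4101]: Invalid user oracle from 203.0.113.5
Dec  9 20:01:13 host sshd[4101]: Failed password for invalid user oracle from 203.0.113.5 port 40112 ssh2
Dec  9 20:01:15 host sshd[4102]: Invalid user test from 203.0.113.5
Dec  9 20:02:40 host sshd[4110]: Failed password for glenn from 192.0.2.44 port 51822 ssh2
Dec  9 20:03:02 host sshd[4115]: Invalid user admin from 198.51.100.23
Dec  9 20:03:30 host sshd[4120]: Invalid user x from 192.0.2.44 from 198.51.100.77 port 40000
Dec  9 20:03:31 host sshd[4121]: Invalid user y from 192.0.2.44 from 198.51.100.77 port 40001
""".splitlines()

if __name__ == "__main__":
    for addr, names in addresses_to_block(SAMPLE_LOG).items():
        print(f"block {addr}: tried {names}")
```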
