Brian Vagnoni on 9 Dec 2008 20:39:00 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Brute force SSH attack confounds defenders

----- Original Message -----
From: Alex Valentine
> Problem solved.
----- Original Message -----

>From the 2nd link.

They are talking bot***NET*** level attacks. But still thanks. 

Tools like DenyHosts, BruteForceBlocker or fail2ban for preventing attacks on SSH servers usually count the number of failed log-in attempts from one IP address and enter addresses that exceed a given threshold on a blacklist (usually /etc/hosts.deny) or as a rule in the firewall. The system subsequently blocks any further log-in attempts from blacklisted remote IP addresses.

The distributed method prevents the tools from flagging attackers after only a few log-in attempts. Depending on the scale of the distributed attack, several thousand attempts to log into an account can be made. The attacks are suspected to be carried out by botnets.

Brian Vagnoni
PGP Digital Fingerprint
F076 6EEE 06E5 BEEF EBBD  BD36 F29E 850D FC32 3955
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --