| Nicholas Gasparovich on 7 Jun 2012 18:25:15 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] SSH brute force attacks using PlcmSpIp |
I know quite a few places that use sshguard (http://www.sshguard.net/) to help defend against these types of attacks. I'm pretty sure they tied some honeypots into it as well. -Nick On Thu, Jun 7, 2012 at 9:10 PM, Douglas Muth <doug.muth@gmail.com> wrote: > On Thu, Jun 7, 2012 at 9:09 PM, JP Vossen <jp@jpsdomain.org> wrote: >> May be of special interest to VoIP folks... >> >> Today a non-public server I manage on a Comcast residential DHCP IP in NJ >> saw a small SSH brute-force attack from Virpus Networks. My own Linode >> hosted server was also attacked by them in Jan & Feb from 50.115.166.129 and >> 50.115.166.147. Today's attack was from 50.115.168.188. >> > > Might be a good time for fail2ban. I think the default is 6 invalid > password attempts before an iptables rule is written that drops > everything that IP. > > -- Doug > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug