Nicholas Gasparovich on 7 Jun 2012 18:25:15 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] SSH brute force attacks using PlcmSpIp


I know quite a few places that use sshguard (http://www.sshguard.net/)
to help defend against these types of attacks.  I'm pretty sure they
tied some honeypots into it as well.

-Nick

On Thu, Jun 7, 2012 at 9:10 PM, Douglas Muth <doug.muth@gmail.com> wrote:
> On Thu, Jun 7, 2012 at 9:09 PM, JP Vossen <jp@jpsdomain.org> wrote:
>> May be of special interest to VoIP folks...
>>
>> Today a non-public server I manage on a Comcast residential DHCP IP in NJ
>> saw a small SSH brute-force attack from Virpus Networks.  My own Linode
>> hosted server was also attacked by them in Jan & Feb from 50.115.166.129 and
>> 50.115.166.147.  Today's attack was from 50.115.168.188.
>>
>
> Might be a good time for fail2ban.  I think the default is 6 invalid
> password attempts before an iptables rule is written that drops
> everything that IP.
>
> -- Doug
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug