Sam Gleske on 8 Jun 2012 07:17:19 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] SSH brute force attacks using PlcmSpIp


Also running on a non-standard port doesn't prevent you from receiving attacks.  If you run telnet,
telnet somehost.somenetwork.com 22

and set the port 22 to your non-standard port you'll still see the SSH banner.  My ssh banner says SSH-2.0-OpenSSH_4.3.  It's not difficult to hook and parse the banner for SSH servers.

On Fri, Jun 8, 2012 at 10:13 AM, Sam Gleske <sam.mxracer@gmail.com> wrote:
Why not just blacklist 50.115.0.0/16 and be done with it?  Is there ever an occasion where you think you need to be on Virpus Networks to access your computer?  If not then ban them into oblivion.

SAM

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug