Re: [PLUG] SSH brute force attacks using PlcmSpIp

Sam Gleske on 8 Jun 2012 07:17:19 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] SSH brute force attacks using PlcmSpIp

From: Sam Gleske <sam.mxracer@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] SSH brute force attacks using PlcmSpIp
Date: Fri, 8 Jun 2012 10:16:53 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=/XB6rJWdfuKw/FP9Mer2b7MVeevMvTPfaiFUKQmFA40=; b=GBp0l47edsD2F3KY629rCMmvFxiBWKbgn02ZGhaK+Af8mTAA+3M5fXuLJhB8wYF71t +4azwggdevzjYkjYY/B2KPQQfivbJdOIzBxZnI1AlMr6xeCqh109tIf9v00C7HUMDuQi 5AMic9CCTzTrGM+Z851T0Doysn35Isli8EdGojINA3oUt/fcNRP6DFZv2EpilO0a+E1h 4eR3EdWX1Cuj9UEFRmgSHqVy2WXLmubk6AXPbcCGZxiiT4TZXmMo7oxlrP9K/VApcF2U trr5PX0l3HcgRUyyDUsQTCJQRip8afF1cxDVa+9ACiFsUkJtVm/Ji0QSuichwLpHJ+gb nNYg==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org

Also running on a non-standard port doesn't prevent you from receiving attacks. If you run telnet,
telnet somehost.somenetwork.com 22

and set the port 22 to your non-standard port you'll still see the SSH banner. My ssh banner says SSH-2.0-OpenSSH_4.3. It's not difficult to hook and parse the banner for SSH servers.

On Fri, Jun 8, 2012 at 10:13 AM, Sam Gleske <sam.mxracer@gmail.com> wrote:

Why not just blacklist 50.115.0.0/16 and be done with it? Is there ever an occasion where you think you need to be on Virpus Networks to access your computer? If not then ban them into oblivion.

SAM

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] SSH brute force attacks using PlcmSpIp
  - From: brent timothy saner <brent.saner@gmail.com>

References:
- [PLUG] SSH brute force attacks using PlcmSpIp
  - From: JP Vossen <jp@jpsdomain.org>
- Re: [PLUG] SSH brute force attacks using PlcmSpIp
  - From: Douglas Muth <doug.muth@gmail.com>
- Re: [PLUG] SSH brute force attacks using PlcmSpIp
  - From: Nicholas Gasparovich <nick@gasponet.com>
- Re: [PLUG] SSH brute force attacks using PlcmSpIp
  - From: Sam Gleske <sam.mxracer@gmail.com>

Prev by Date: Re: [PLUG] SSH brute force attacks using PlcmSpIp
Next by Date: Re: [PLUG] I need a book recommendation
Previous by thread: Re: [PLUG] SSH brute force attacks using PlcmSpIp
Next by thread: Re: [PLUG] SSH brute force attacks using PlcmSpIp
Index(es):
- Date
- Thread