brute force ssh attack
Chris Stark
cstark at hawaii.edu
Thu May 5 02:01:18 UTC 2005
On Wednesday 04 May 2005 3:47 pm, Jeff Vian wrote:
> On Wed, 2005-05-04 at 18:23 -0700, Daniel B. Thurman wrote:
> > Folks,
> >
> > Seems that I am getting daily brute-force ssl attacks --
> > Anything I can or should do?
> >
> > Here is the System Logs:
> > =======================================
> > May 4 01:01:50 linux sshd[10438]: Did not receive identification string
> > from ::ffff:194.65.138.98 May 4 01:04:44 linux sshd[10448]: Illegal user
> > temp from ::ffff:194.65.138.98 May 4 01:04:57 linux sshd[10448]: Failed
> > password for illegal user temp from ::ffff:194.65.138.98 port 52888 ssh2
> I set my firewall to block ssh from everywhere except the few places I
> might use for remote access. It drastically cut down the attempts to
> get in. I now only get hit from one or 2 IPs a day.
What would you recommend for those of us who need to administer systems from
dynamic IPs? I've got pretty tight restrictions on allowed users/groups plus
no root logins. I haven't gotten broken into, but this sure is irritating. Is
there more that can be done (reasonably)?
Aloha
--
Chris Stark
Musician, Linux User, & Grad Student
http://chrisstark.com/
More information about the fedora-list
mailing list