how to react on ssh attacks?
Tom Yates
madlists at teaparty.net
Mon Oct 24 10:51:38 UTC 2005
On Mon, 24 Oct 2005, Stephanus Fengler wrote:
> I recently checked my log files of my ssh service (so far as I
> understand this is my only service open) and realized that from the very
> same IP I got a lot of request trying to guess a user name on my system,
> I assume. Since login name always changes in even chronological
> alphabetical order.
>
> So shell I worry about it or do I need to do some countermeasures?
in case this is of any use to anyone, i've made a web page out of the
responses i got when i asked this question on a number of lists earlier
this year, plus the details of the solution i went for.
it's not pretty yet, but the emails are up at
http://www.teaparty.net/technotes/ssh-rate-limiting.html. i'll make it
prettier, make the links usable, that sort of thing, as time permits.
hope it's useful to someone.
--
Tom Yates - http://www.teaparty.net
More information about the fedora-list
mailing list