how to react on ssh attacks?
akonstam at trinity.edu
Mon Oct 24 13:36:19 UTC 2005
On Mon, Oct 24, 2005 at 12:09:21PM +0000, Stephanus Fengler wrote:
> Boris Glawe wrote:
>
> >>So shall I worry about it or do I need to do some countermeasures?
> >
> >Just ignore it, if your passwords are long enough and are NOT based on
> >words that can be found in dictionaries. Change the passwords from
> >time to time AND keep your sshd up to date.
> >
> >If I have too many root login requests (>200) and I'm able to find
> >out the attackers provider (with nslookup <ip-address>), I sometimes
> >write an abuse report to the provider.
> >
> >Most of these attacks are script kiddies who are only successful
> >in case that your password is empty or matches the username
> >
> >greets Boris
> >
> Hi Boris
> Since I need the ssh service, I can't disable it. Actually counting the
> number of root pw attacks it was 540 within 28 mins; after that he
> switched over to pw guessing for random usernames for another 500 times
> and 25 mins. Anyway nslookup gives:
>
> nslookup 81.208.32.170
> Server: 134.60.1.111
> Address: 134.60.1.111#53
>
> Non-authoritative answer:
> 170.32.208.81.in-addr.arpa name = 81-208-32-170.ip.fastwebnet.it.
>
You might get a little more information from: whois 81.208.32.170
-------------------------------------------
Aaron Konstam
Computer Science
Trinity University
telephone: (210)-999-7484
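
The counting described in the quoted messages (root guesses versus guesses at unknown usernames, per source address, with the >200 threshold for considering an abuse report), as an added example that is not part of the original thread. The log line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# OpenSSH "Failed password" syslog lines; the exact layout is an assumption
# about the local sshd/syslog setup (older releases say "illegal user").
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?P<bad>(?:invalid|illegal) user )?(?P<user>\S+) from "
    r"(?:::ffff:)?(?P<ip>[0-9a-fA-F.:]+) port \d+")

def summarize(lines, year=2005):
    """Per source IP: root / unknown-user / other failures, first and last seen."""
    stats = defaultdict(lambda: {"root": 0, "unknown": 0, "other": 0,
                                 "first": None, "last": None})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # accepted logins and unrelated messages are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        s = stats[m["ip"]]
        kind = "unknown" if m["bad"] else "root" if m["user"] == "root" else "other"
        s[kind] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return dict(stats)

def report_candidates(stats, root_threshold=200):
    """Source IPs with more root attempts than the threshold used in the thread."""
    return sorted(ip for ip, s in stats.items() if s["root"] > root_threshold)

def constructed_sample():
    """Constructed log lines (not real data): one noisy source, one quiet one."""
    lines = []
    for i in range(540):  # 540 root guesses spread over about 28 minutes
        sec = i * 28 * 60 // 540
        lines.append(f"Oct 24 11:{sec // 60:02d}:{sec % 60:02d} host sshd[4242]: "
                     "Failed password for root from ::ffff:203.0.113.7 port 40000 ssh2")
    for i in range(3):
        lines.append(f"Oct 24 12:00:0{i} host sshd[4243]: Failed password for "
                     "invalid user test from 198.51.100.9 port 40001 ssh2")
    lines.append("Oct 24 12:05:00 host sshd[4244]: "
                 "Accepted password for alice from 192.0.2.10 port 40002 ssh2")
    return lines

if __name__ == "__main__":
    for ip, s in summarize(constructed_sample()).items():
        print(ip, s["root"], s["unknown"], s["last"] - s["first"])
    print("abuse-report candidates:", report_candidates(summarize(constructed_sample())))
```

The addresses it returns are the ones to feed to nslookup or whois when identifying the provider.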