rootkit?
Rahul Sundaram
sundaram at redhat.com
Mon Dec 12 23:20:09 UTC 2005
Dan Hollis wrote:
> On Mon, 12 Dec 2005, Chasecreek Systemhouse wrote:
>
>> I would say there is a ssh brute force hack floating around that has
>> not been documented yet; as such it is all Server admins best
>> interests to remain vigilant.
>
>
> ssh bruteforcers have been around for a couple years now. it's a sign
> of desperation by spammers -- traditional exploits are no longer
> effective due to selinux, grsecurity et al, so they have switched to
> bruteforce.
>
> i've seen attacks of upwards of 500mbit/sec of ssh attempts. they
> don't even bother trying to be sneaky about it.
>
> pam_abl is extremely effective in preventing bruteforce attacks:
> http://www.hexten.net/pam_abl/
pam_abl is available as part of Fedora Extras. Denyhosts, also in
Fedora Extras does something similar.
regards
Rahul
More information about the fedora-test-list
mailing list