SSH attacks ?
Jurvis LaSalle
lasalle at bard.edu
Thu Sep 16 16:12:51 UTC 2004
On Sep 16, 2004, at 9:51 AM, Jason Dixon wrote:
> On Sep 16, 2004, at 9:48 AM, Reuben D. Budiardja wrote:
>
>> Hello,
>> Just wondering if anyone's been seeing a lot of SSH attempts to their
>> machines
>> lately. I've seen at least 30 - 60 unautorizhed, brute force attempts
>> to each
>> of my server daily, and they come from different domain everyday.
>
> If, by brute force, you mean the "Admin/root/guest" dumb attempts,
> then yes, I have about one attempt daily. This has been going on for
> at least the last month or so IIRC. As long as you're patched and not
> using incredibly poor passwords, you'll be fine. Search the NANOG
> archives if you need more detail.
>
>
I have also seen such an increase in "brute force" attacks over the
last month. Different ip everyday- but they are increasing the
accounts they try.
Can an attacker determine the version string of sshd running on a
machine without a successful login? If so, could the fact that RHEL
has backported patches and kept the string at "3.6.1p2" given these
crackers false hope that this is a vulnerable sshd? Just wondering...
Jurvis LaSalle
More information about the redhat-list
mailing list