[Intrusions] SSH brute forcers
Scott Mcintyre
security at isnnetworks.net
Mon May 30 20:10:47 GMT 2005
How many of the IPs do you actually report to the ISPs?
Brute forcing in general should not be much of a problem; install brute
force detectors, there are lots out there. Even if someone does brute
force you for a reason, you should not have anything to worry about
providing you use strong passwords.
> WOOOHOOO. It's getting to the point that the SSH brute force attempts
> on the 2 servers I am working on atm are coming at 4 to 8 times a day,
> no reasoning behind the number of attempts yet either.
>
> Jim McCullough
>
> On 5/28/05, DHoelzer at cyber-defense.org <DHoelzer at cyber-defense.org> wrote:
> > I've been automatically shunning SSH brute forcers for several months now
> > but I've recently decided to become a bit more aggressive. I am now
> > publishing a blacklist populated by known SSH bruteforcing sources on my
> > site that is updated every minute based on my own detects from several
> > sites. If you have any addresses to contribute please send them my way.
> > Feel free to grab a copy of the list if you want to populate your ACLs
> > which is what I'm doing for my customers.
> >
> > Best regards
> > -----------------------------------------------------
> > David Hoelzer
> > Cyber-Defense.org
> > http://www.cyber-defense.org/CV.html
> > _______________________________________________
> > Intrusions mailing list
> > Intrusions at lists.sans.org
> > http://www.dshield.org/mailman/listinfo/intrusions
> >
>
>
> --
> Jim McCullough
>
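
As an added illustration of the kind of brute force detector discussed in this thread (example code written for this page, not from any poster or their site), the sketch below counts failed sshd logins per source address within a time window and returns the addresses that cross a threshold. The log lines, threshold, window and function name are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in classic syslog/sshd format (not from the thread).
SAMPLE_LOG = """\
May 28 03:14:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 4101 ssh2
May 28 03:14:03 host sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 4102 ssh2
May 28 03:14:05 host sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 4103 ssh2
May 28 03:14:06 host sshd[2104]: Accepted password for jim from 198.51.100.7 port 5000 ssh2
May 28 03:14:08 host sshd[2105]: Failed password for invalid user x from 203.0.113.9 from 192.0.2.10 port 4104 ssh2
May 28 03:20:00 host sshd[2106]: Failed password for jim from 198.51.100.7 port 5001 ssh2
May 28 09:00:00 host sshd[2107]: Failed password for jim from 198.51.100.7 port 5002 ssh2
"""

# Anchor on the fixed tail of the line: the address sshd reports is the last
# "from <ip> port <n>" field, so text inside the user name cannot replace it.
FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_brute_forcers(log_text, threshold=4, window=timedelta(minutes=5), year=2005):
    """Return sorted source IPs with >= threshold failures inside one window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year; the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(m["ip"])
    return sorted(flagged)

if __name__ == "__main__":
    for ip in find_brute_forcers(SAMPLE_LOG):
        print(ip)   # one address per line, ready to feed an ACL or deny list
```

The fifth sample line has a user name that itself contains an address; because the pattern is anchored to the end of the line, only the real source is counted, which matters when the output drives automatic blocking.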