[Dshield] SSH threats

Don Wilder don.wilder at gmail.com
Tue Oct 2 18:22:39 GMT 2007


In the 5+ years I have been using this method, I have had very few
legitimate users that get blocked with this method.

I feel if someone/bot is attempting to log into my server on SSH that they
are up to no good (it's not a service we offer to our customers) and
therefore I have no issues at all with blocking the IP address permanently
on all ports.


On 10/1/07, Tomas L. Byrnes <tomb at byrneit.net> wrote:
>
> How do you handle the "scorched earth" problem? Many attacking IPs are
> dynamic.
>
>
>
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org
> > [mailto:list-bounces at lists.dshield.org] On Behalf Of Don Wilder
> > Sent: Monday, October 01, 2007 11:29 AM
> > To: General DShield Discussion List
> > Subject: Re: [Dshield] SSH threats
> >
> > I use an iptables script setup that will add the IP address
> > of someone attempting to log into my servers with an invalid
> > name or any of the common services. The block list I have now
> > has grown pretty large from all the scans, but once in the
> > blocked list they get cut off from all services.
> >
> >



-- 
---------------------------------------------
Don Wilder
Senior Analyst
---------------------------------------------

Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning.
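
An added example, not part of the original thread and not the poster's script: one way to turn sshd "Invalid user" log lines into iptables block rules of the kind described above. The allowlist, the threshold argument, the function names and the sample log lines are assumptions constructed for illustration; only IPv4 sources are handled.

```bash
#!/usr/bin/env bash
# Added example (not the poster's script): sshd "Invalid user" lines -> DROP rules.
# Rules are printed rather than applied, so they can be reviewed first.

# Constructed allowlist: sources that must never be blocked (assumption).
ALLOWLIST="198.51.100.10 198.51.100.11"

# Constructed sample log; every address is from a documentation range.
sample_log() {
  cat <<'EOF'
Oct  1 11:29:03 web1 sshd[4121]: Invalid user admin from 203.0.113.7
Oct  1 11:29:05 web1 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Oct  1 11:30:10 web1 sshd[4130]: Invalid user test from 198.51.100.10 port 51515
Oct  1 11:31:44 web1 sshd[4142]: Invalid user x from 192.0.2.1 port 22 from 203.0.113.99 port 40200
Oct  1 11:32:00 web1 sshd[4150]: Accepted password for alice from 192.0.2.50 port 50000 ssh2
Oct  1 11:33:12 web1 sshd[4161]: Invalid user oracle from 203.0.113.7 port 40300
EOF
}

# Reads sshd log lines on stdin, prints one rule per offending IPv4 source.
# $1 = invalid-user attempts needed before a source is blocked (default 1).
blocklist_rules() {
  local threshold="${1:-1}"
  # The user name is chosen by the remote side and may itself contain
  # " from a.b.c.d", so only the address that ends the line is trusted.
  # "Failed password for invalid user" lines are ignored to avoid counting
  # the same attempt twice.
  sed -nE 's/^.*sshd\[[0-9]+\]: Invalid user .* from ([0-9]{1,3}(\.[0-9]{1,3}){3})( port [0-9]+)?$/\1/p' |
  awk -v allow="$ALLOWLIST" -v th="$threshold" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    {
      m = split($0, o, ".")
      for (i = 1; i <= m; i++) if (o[i] + 0 > 255) next   # not an IPv4 octet
      if ($0 in skip) next                                # allowlisted source
      # Emit the rule exactly once, when the count reaches the threshold.
      if (++count[$0] == th) print "iptables -I INPUT -s " $0 " -j DROP"
    }'
}

# Stand-alone run: print the rules derived from the constructed sample.
sample_log | blocklist_rules
```

In the fourth sample line the user name embeds a second address; the rule is generated for the address sshd appended at the end of the line, not the one inside the user name.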

