Mailinglist Archive: opensuse (1570 mails)

Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: Andreas Jaeger <aj@xxxxxxxxxx>
  • Date: Sat, 3 Oct 2009 18:08:42 +0200
  • Message-id: <200910031808.46205.aj@xxxxxxxxxx>
On Saturday 03 October 2009 13:21:32 Per Jessen wrote:
> Has anyone else noticed the wave of coordinated, distributed ssh
> attacks? Since Sep30 around 2100CET, I see a login attempt about once
> a minute, but coming from different IP-addresses. Looks like a
> coordinated attempt to circumvent the firewalls that block based on too
> many unsuccessful attempts.

If it would come from the same IP address, the following SUSE Firewall option
(set via /etc/sysconfig/SuSEfirewall2) would have helped:

FW_SERVICES_REJECT_INT=""
# Example:
# Allow max three ssh connects per minute from the same IP address:
# "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

Still, I suggest enabling it.

Is there a similar rule for different IP-addresses?

Andreas
--
Andreas Jaeger, Program Manager openSUSE, aj@{novell.com,opensuse.org}
Twitter: jaegerandi | Identica: jaegerandi
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Maxfeldstr. 5, 90409 Nürnberg, Germany
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
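
An added example, not part of the original mail: a simplified model of the per-source limit from the quoted example (hitcount=3, blockseconds=60) run over constructed connection events, next to an aggregate check that counts distinct sources. It shows why one attempt per minute from ever-changing addresses never trips the per-source rule. The function names, the one-hour window and the 20-source threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

HITCOUNT = 3        # hitcount=3 from the quoted example
BLOCKSECONDS = 60   # blockseconds=60 from the quoted example


def per_source_blocked(events, hitcount=HITCOUNT, window=BLOCKSECONDS):
    """Return the (ts, ip) events a per-source limit would block.

    Simplified model (assumption): a connect is blocked when the same
    source already made `hitcount` connects in the last `window` seconds.
    events: (timestamp_seconds, source_ip) tuples sorted by time.
    """
    seen = defaultdict(deque)
    blocked = []
    for ts, ip in events:
        q = seen[ip]
        while q and ts - q[0] >= window:
            q.popleft()                  # forget connects outside the window
        if len(q) >= hitcount:
            blocked.append((ts, ip))
        q.append(ts)                     # blocked attempts still refresh the list
    return blocked


def distributed_alert(events, window=3600, min_sources=20):
    """Return the first timestamp at which `min_sources` distinct sources
    connected within `window` seconds, or None (thresholds hypothetical)."""
    recent = deque()
    counts = defaultdict(int)
    for ts, ip in events:
        recent.append((ts, ip))
        counts[ip] += 1
        while ts - recent[0][0] >= window:
            _, old = recent.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        if len(counts) >= min_sources:
            return ts
    return None


# Constructed sample data (documentation address ranges).
# One host connecting every 5 seconds:
SINGLE_IP = [(i * 5, "192.0.2.10") for i in range(10)]
# One attempt per minute, each from a different address, as described above:
DISTRIBUTED = [(i * 60, f"198.51.100.{i + 1}") for i in range(60)]

if __name__ == "__main__":
    print("single host blocked:", len(per_source_blocked(SINGLE_IP)))
    print("distributed blocked:", len(per_source_blocked(DISTRIBUTED)))
    print("distributed alert at t =", distributed_alert(DISTRIBUTED))
```
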