Mailinglist Archive: opensuse (1570 mails)

Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Sat, 03 Oct 2009 18:36:22 +0200
  • Message-id: <ha7ui6$9h$1@xxxxxxxxxxxxxxxx>
Andreas Jaeger wrote:

> On Saturday 03 October 2009 13:21:32 Per Jessen wrote:
>> Has anyone else noticed the wave of coordinated, distributed ssh
>> attacks? Since Sep30 around 2100CET, I see a login attempt about
>> once a minute, but coming from different IP-addresses. Looks like a
>> coordinated attempt to circumvent the firewalls that block based on
>> too many unsuccessful attempts.
>
> If it would come from the same IP address, the following SUSE Firewall
> option (set via /etc/sysconfig/SuSEfirewall2) would have helped:
>
> FW_SERVICES_REJECT_INT=""
> # Example:
> # Allow max three ssh connects per minute from the same IP address:
> # "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
>
> Still I suggest to enable it.

Yeah, I have similar rules on all of my systems, but like I said, this
attack appears to be specifically designed to circumvent that type of
protection.


/Per

--
Per Jessen, Zürich (12.3°C)
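
The pattern discussed in this message, as an added detection example that is not part of the original post: a per-source counter modelled on the quoted `hitcount=3` / 60-second rule flags nothing when each address tries once, while a counter over all sources in a sliding window does. The log format (OpenSSH "Failed password" syslog lines), the 10-minute window, the thresholds and the sample lines are assumptions constructed for the illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Assumed OpenSSH syslog format; thresholds below are illustrative, not from the thread.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def parse_failures(lines, year=2009):
    """Return sorted (timestamp, source_ip) pairs for failed sshd password attempts."""
    events = []
    for line in lines:
        m = FAILED.match(line)
        if m:  # syslog omits the year, so it is supplied by the caller
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return sorted(events)

def per_ip_offenders(events, hitcount=3, seconds=60):
    """IPs with >= hitcount failures inside `seconds` (what a per-source limit sees)."""
    recent, offenders = {}, set()
    for ts, ip in events:
        q = recent.setdefault(ip, deque())
        q.append(ts)
        while ts - q[0] >= timedelta(seconds=seconds):
            q.popleft()
        if len(q) >= hitcount:
            offenders.add(ip)
    return offenders

def distributed_alert(events, window=600, min_sources=8, max_per_ip=2):
    """First moment >= min_sources distinct IPs, each with <= max_per_ip failures,
    fall inside `window` seconds; None if the pattern never appears."""
    q = deque()
    for ts, ip in events:
        q.append((ts, ip))
        while ts - q[0][0] >= timedelta(seconds=window):
            q.popleft()
        counts = Counter(src for _, src in q)
        if len(counts) >= min_sources and max(counts.values()) <= max_per_ip:
            return ts, sorted(counts)
    return None

def constructed_sample():
    """Constructed log lines: one failure per minute, each from a new source."""
    return [f"Oct  3 13:{m:02d}:05 host sshd[{2000 + m}]: Failed password for "
            f"root from 192.0.2.{10 + m} port {40000 + m} ssh2" for m in range(12)]
```

On the constructed sample, `per_ip_offenders` returns an empty set and `distributed_alert` fires at the eighth distinct source.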
