Mailinglist Archive: opensuse (1570 mails)

< Previous Next >
Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Sat, 3 Oct 2009 18:49:51 +0200 (CEST)
  • Message-id: <alpine.LSU.2.00.0910031846400.12109@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Saturday, 2009-10-03 at 18:36 +0200, Per Jessen wrote:

Yeah, I have similar rules on all of my systems, but like I said, this
attack appears to be specifically designed to circumvent that type of
protection.

The defense would have to be collaborative.

Machines being attacked would have to report the IPs the attacks seem to come from to a central server, which would distribute the data to the protected "clients", who would then block the entire list.


Another approach, if you don't expect connections from, say, China, would be to block based on geoip information.

- -- Cheers,
Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkrHgLAACgkQtTMYHG2NR9U8ngCcCtwkhaswL0d4LRHpYNj+0mfU
9ocAn3d4SjuMO9jcW6ihBkXMl6jYIpjX
=TdLu
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups