Mailinglist Archive: opensuse (1570 mails)

Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Sat, 03 Oct 2009 18:56:23 +0200
  • Message-id: <ha7vnn$da$1@xxxxxxxxxxxxxxxx>
Carlos E. R. wrote:

> On Saturday, 2009-10-03 at 18:36 +0200, Per Jessen wrote:
>
>> Yeah, I have similar rules on all of my systems, but like I said,
>> this attack appears to be specifically designed to circumvent that
>> type of protection.
>
> The defense would have to be collaborative.
> Machines being attacked would have to report the IPs the attacks seem
> to come from to a central server, which would distribute the data to
> the protected "clients", who would then block the entire list.

Yeah, it's a possibility, but it's certainly a lot less effort to use
challenge-response or an alternate port.

> Another approach, if you don't expect connections from, say, China,
> would be to block based on geoip information.

Yes, that idea struck me too this afternoon. It's not bad at all.


/Per

--
Per Jessen, Zürich (12.3°C)
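
The collaborative defense proposed in the quoted text, sketched as an added example that is not part of the original message: hosts report the source IPs of failed logins to a central aggregator, which lists an IP once enough distinct hosts have reported it. The thresholds, host names, never-block range and sample reports are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample reports: (reporting_host, source_ip, failed_logins).
# Addresses are from documentation ranges, not from the thread.
REPORTS = [
    ("hostA", "192.0.2.10", 2), ("hostB", "192.0.2.10", 1),
    ("hostC", "192.0.2.10", 2),
    ("hostA", "198.51.100.7", 1), ("hostB", "198.51.100.7", 2),
    ("hostA", "203.0.113.5", 9),      # loud against a single host
    ("hostC", "203.0.113.9", 1),      # one failure, one reporter
    ("hostB", "203.0.113.200", 1), ("hostC", "203.0.113.200", 1),
    ("hostB", "not-an-ip", 3),        # malformed report
]
LOCAL_LIMIT = 5      # assumed per-IP threshold of a host-local rule
MIN_REPORTERS = 2    # assumed: distinct hosts needed before listing an IP
NEVER_BLOCK = [ipaddress.ip_network("203.0.113.192/26")]  # assumed admin range

def local_blocks(reports, limit=LOCAL_LIMIT):
    """(host, ip) pairs a host would block alone using a per-IP threshold."""
    return {(h, ip) for h, ip, n in reports if n >= limit}

def shared_blocklist(reports, min_reporters=MIN_REPORTERS, never_block=NEVER_BLOCK):
    """IPs the central server would distribute to all clients."""
    reporters = defaultdict(set)
    for host, ip, n in reports:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                   # drop malformed input
        if n < 1 or any(addr in net for net in never_block):
            continue
        reporters[addr].add(host)      # count each reporting host once
    listed = [a for a, hosts in reporters.items() if len(hosts) >= min_reporters]
    return [str(a) for a in sorted(listed)]

if __name__ == "__main__":
    print("blocked locally:", sorted(local_blocks(REPORTS)))
    print("shared blocklist:", shared_blocklist(REPORTS))
```

Requiring several distinct reporters and keeping a never-block range limits the damage a single faulty or malicious reporter can do to the shared list.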
