Mailinglist Archive: opensuse (1570 mails)

Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: Chuck Payne <terrorpup@xxxxxxxxx>
  • Date: Sat, 3 Oct 2009 16:19:31 -0400
  • Message-id: <630b55a80910031319m57df4af2v2e391d931a66a8e9@xxxxxxxxxxxxxx>
On Sat, Oct 3, 2009 at 4:07 PM, Carlos E. R.
<robin.listas@xxxxxxxxxxxxxx> wrote:



On Saturday, 2009-10-03 at 20:19 +0200, Matthias Bach wrote:

On Saturday 03 October 2009 18:56:23, Per Jessen wrote:

Carlos E. R. wrote:

On Saturday, 2009-10-03 at 18:36 +0200, Per Jessen wrote:

Yeah, I have similar rules on all of my systems, but like I said,
this attack appears to be specifically designed to circumvent that
type of protection.

The defense would have to be collaborative.
Machines being attacked would have to report the IPs the attacks seem
to come from to a central server, which would distribute the data to
the protected "clients", who would then block the entire list.

Yeah, it's a possibility, but it's certainly a lot less effort to use
challenge-response or an alternate port.

Something like that already exists in denyhosts.

Not as a collaborative, dynamic, effort?

The bad guys collaborate somehow to attack us. To defend ourselves we have
to join forces against them. But it probably needs some organization or
business to provide the development effort, servers, and authentication.

I.e., a server to list bots and block them. And probably inform the police,
and a real effort by the authorities to go against them. Even fines against
the owners of the botted machines, for not taking the appropriate
precautions. Same as a car owner has some responsibilities, the owner of a
machine connected to the Internet must be responsible for it.

-- Cheers,
      Carlos E. R.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx



Guys, I have a script that has been storing all the ssh attacks for over
the last 6 months. If anyone would like a dump of it, I am more than happy
to share it. It's got about 1000+ IPs in it.

--
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- http://en.opensuse.org/User:Terrorpup
openSUSE Ambassador
openSUSE Member
skype -- terrorpup
twitter -- terrorpup
Identica -- terrorpup
freenode(irc) -- terrorpup/lupinstein.
friendfeed -- http://friendfeed.com/terrorpup

Have you tried SUSE Studio? Need to create a Live CD, an app you want
to package and distribute, or create your own Linux distro? Give SUSE
Studio a try.
http://www.susestudio.com
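
Added example, not part of the original post or written by any list member: a sketch of the collaborative scheme discussed in the thread, where each host reports the source IPs of failed ssh logins and a central aggregator lists IPs seen by several hosts, even though each stays under a per-host, per-IP limit. The function names, thresholds and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSH "Failed password" lines, with or without "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample logs from three reporting hosts (documentation-range IPs).
SAMPLE_LOGS = {
    "alpha": """\
Oct  3 18:01:02 alpha sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Oct  3 18:09:40 alpha sshd[4133]: Failed password for invalid user admin from 198.51.100.7 port 51820 ssh2
Oct  3 18:31:15 alpha sshd[4170]: Failed password for root from 192.0.2.10 port 40377 ssh2
""",
    "beta": """\
Oct  3 18:02:11 beta sshd[911]: Failed password for root from 192.0.2.10 port 33810 ssh2
Oct  3 18:40:05 beta sshd[950]: Accepted password for carol from 203.0.113.50 port 50022 ssh2
""",
    "gamma": """\
Oct  3 18:05:47 gamma sshd[2210]: Failed password for invalid user test from 198.51.100.7 port 42001 ssh2
Oct  3 18:06:30 gamma sshd[2214]: Failed password for dave from 203.0.113.99 port 39001 ssh2
""",
}

def extract_failures(log_text):
    """Client side: return {source_ip: failed_login_count} for one host's log."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            counts[match.group(1)] += 1
    return dict(counts)

def local_blocks(failures, per_ip_limit):
    """IPs a per-host, per-IP threshold rule would block on its own."""
    return {ip for ip, n in failures.items() if n >= per_ip_limit}

def shared_blocklist(reports, min_reporters):
    """Server side: list IPs reported by at least min_reporters distinct hosts."""
    seen_by = defaultdict(set)
    for reporter, failures in reports.items():
        for ip in failures:
            seen_by[ip].add(reporter)
    return sorted(ip for ip, hosts in seen_by.items() if len(hosts) >= min_reporters)

if __name__ == "__main__":
    reports = {host: extract_failures(text) for host, text in SAMPLE_LOGS.items()}
    for host, failures in reports.items():
        print(host, "local blocks:", sorted(local_blocks(failures, per_ip_limit=5)))
    print("shared blocklist:", shared_blocklist(reports, min_reporters=2))
```

Requiring several distinct reporters keeps a single mistyped password or a single bad reporter from putting an address on everyone's blocklist; authenticating the reporters, which the thread also raises, is not shown here.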