Mailinglist Archive: opensuse (1570 mails)

< Previous Next >
Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Sun, 04 Oct 2009 10:52:59 +0200
  • Message-id: <ha9npb$50m$1@xxxxxxxxxxxxxxxx>
David C. Rankin wrote:

On Saturday 03 October 2009 06:21:32 am Per Jessen wrote:
Has anyone else noticed the wave of coordinated, distributed ssh
attacks? Since Sep30 around 2100CET, I see a login attempt about
once
a minute, but coming from different IP-addresses. Looks like a
coordinated attempt to circumvent the firewalls that block based on
too many unsuccessful attempts.


/Per


Per,

Have you moved ssh to a high port yet? If you do, all noise on your
ssh port will cease. Worth its weight in gold!


Until this distributed attack my regular method of blocking based on
number of attempts from a single IP has worked just fine, but yes, I've
now moved sshd to another port on all my external systems. The local
systems don't allow external ssh access.
I'm still considering moving to the no-password-login setup as Hans
Witvliet suggested. It's clearly the optimal solution, I'm just a
little concerned about the management when each server needs to "know"
about (need to have the key) each possible client.


/Per

--
Per Jessen, Zürich

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups