Andreas Jaeger wrote:
On Saturday 03 October 2009 13:21:32 Per Jessen wrote:
Has anyone else noticed the wave of coordinated, distributed ssh attacks? Since Sep30 around 2100CET, I see a login attempt about once a minute, but coming from different IP-addresses. Looks like a coordinated attempt to circumvent the firewalls that block based on too many unsuccessful attempts.
If it would come from the same IP address, the following SUSE Firewall option (set via /etc/sysconfig/SuSEfirewall2) would have helped:
FW_SERVICES_REJECT_INT=""
# Example:
# Allow max three ssh connects per minute from the same IP address:
# "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
Still I suggest to enable it.
Yeah, I have similar rules on all of my systems, but like I said, this attack appears to be specifically designed to circumvent that type of protection.

/Per

--
Per Jessen, Zürich (12.3°C)
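
An added example (not part of the original thread) of the detection gap discussed above: a per-source limit in the style of hitcount=3,blockseconds=60 never reacts to one attempt per minute from ever-changing addresses, while counting distinct failing sources per time window does. The log lines, host name, addresses, the year, and the window=600 / min_ips=5 thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (documentation address ranges): one failed login per
# minute, each from a new source, plus one single-source burst for contrast.
SAMPLE = [f"Oct  3 21:{m:02d}:05 gw sshd[{4000 + m}]: Failed password for root "
          f"from 198.51.100.{10 + m} port 40000 ssh2" for m in range(12)]
SAMPLE += [f"Oct  3 21:30:{s:02d} gw sshd[5000]: Failed password for invalid "
           f"user test from 203.0.113.7 port 40001 ssh2" for s in (1, 5, 9, 13)]

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+")

def parse(lines, year=2009):
    """Return sorted (timestamp, source_ip) pairs for failed sshd logins."""
    events = []
    for line in lines:
        m = FAILED.match(line)
        if m:  # syslog lines carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return sorted(events)

def per_ip_blocked(events, hitcount=3, seconds=60):
    """Sources reaching `hitcount` attempts within `seconds`: what a per-IP
    limit like hitcount=3,blockseconds=60 reacts to (simplified model)."""
    seen, blocked = defaultdict(list), set()
    for ts, ip in events:
        seen[ip] = [t for t in seen[ip] if ts - t < timedelta(seconds=seconds)]
        seen[ip].append(ts)
        if len(seen[ip]) >= hitcount:
            blocked.add(ip)
    return blocked

def distributed_sources(events, window=600, min_ips=5, exclude=()):
    """Largest set of distinct sources failing inside any `window` seconds,
    or an empty set if fewer than `min_ips` sources are involved."""
    kept = [(ts, ip) for ts, ip in events if ip not in exclude]
    best = set()
    for i, (start, _) in enumerate(kept):
        ips = {ip for ts, ip in kept[i:] if ts - start < timedelta(seconds=window)}
        if len(ips) > len(best):
            best = ips
    return best if len(best) >= min_ips else set()

if __name__ == "__main__":
    ev = parse(SAMPLE)
    hit = per_ip_blocked(ev)
    print(hit, sorted(distributed_sources(ev, exclude=hit)))
```

On the constructed sample only the single-source burst trips the per-IP model; the once-a-minute attempts show up only in the distinct-source count.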