Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent
--update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set
--name SSH --rsource
And this is part of logwatch:
sshd:
Authentication Failures:
unknown (www.telkom.co.ke): 137 Time(s)
unknown (mkongwe.jambo.co.ke): 130 Time(s)
unknown (212.49.70.24): 107 Time(s)
root (195.191.250.101): 8 Time(s)
How is it possible for an attacker to try to logon more then 4 times?
Can the attacker do this with only one TCP/IP connection without
establishing a new one?
Or have the scripts been adapted to this?
Thx
Rainer
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
sshd: Authentication Failures: 137 Time(s)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: "'CentOS mailing list'" <centos@xxxxxxxxxx>
- Subject: sshd: Authentication Failures: 137 Time(s)
- From: Rainer Traut <tr.ml@xxxxxx>
- Date: Mon, 04 Apr 2011 11:18:43 +0200
- Delivered-to: centos@xxxxxxxxxx
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
- Follow-Ups:
- Re: sshd: Authentication Failures: 137 Time(s)
- From: rrichard
- Re: sshd: Authentication Failures: 137 Time(s)
- From: David G. Miller
- Re: sshd: Authentication Failures: 137 Time(s)
- From: Marian Marinov
- Re: sshd: Authentication Failures: 137 Time(s)
- From: David Sommerseth
- Re: sshd: Authentication Failures: 137 Time(s)
- Prev by Date: Re: question on software raid
- Next by Date: Re: How to install wine ?
- Previous by thread: How to install wine ?
- Next by thread: Re: sshd: Authentication Failures: 137 Time(s)
- Index(es):
 |