Re: sshd: Authentication Failures: 137 Time(s)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Rainer Traut <tr.ml@...> writes:

> 
> Hi,
> 
> to prevent scripted dictionary attacks to sshd
> I applied those iptables rules:
SNIP
> 

Lots of good advice from several people.  All of the suggested solutions mean
you still have to wade through log entries from the unsuccessful attacks.  

I've been quite happy with similar IP tables rules but I moved sshd to listen on
something other than port 22 for external connections.  I haven't seen a single
brute force attack since making the move and all unsuccessful attempts to login
via ssh get logged so it's not like attackers can stay below my radar.

It seems that the script kiddies who are responsible for most of these attacks
don't bother scanning (nmap) before the attack.  If port 22 isn't open they move
elsewhere.  If I ever see any failed login attempts I can assume that the
perpetrator is at least a little more skilled than usual and possibly take
additional action.

Cheers,
Dave




_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux