Analyzing Malicious SSH Login Attempts

Analyzing Malicious SSH Login Attempts
Christian Seifert

Expand all | Post comment

Analyzing malicious SSH login attempts 2006-09-12
Anonymous

Analyzing malicious SSH login attempts 2006-09-12
Peter N. M. Hansteen (2 replies)

Re: Analyzing malicious SSH login attempts 2006-09-19
scolsuckz

Re: Analyzing malicious SSH login attempts 2006-11-26
Anonymous

Analyzing malicious SSH login attempts 2006-09-12
Henry Escobar

Analyzing malicious SSH login attempts 2006-09-13
Anonymous

Analyzing malicious SSH login attempts 2006-09-15
Ron Jennings

Analyzing malicious SSH login attempts 2006-09-16
Anonymous

Analyzing malicious SSH login attempts 2006-09-19
Alex LaHurreau

Analyzing malicious SSH login attempts 2006-09-26
Russ (1 replies)

Re: Analyzing malicious SSH login attempts 2006-10-26
Anonymous

Several tools exist to block ssh attempts via updating yours hosts or iptables/ipfw rules. These are all postpurtom. Linux netfilter has the recent module which allows realtime blackholing. Also using passphrases, deny Root ssh or atleast without-password and allowing wheel group su or limited sudo access helps. Page and Port knocking are other ideas as well as running your own rbl service [honeypot collects ips] and running ssh through tcpserver [see DJB's ucspi-tcp] which uses that rbl.

Changing the port is anti RFC and doesn't really solve the problem, though it does block over 90% of attacks.

-m1ha5

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1876/734#734

Analyzing Malicious SSH Login Attempts 2006-11-06
Anonymous (1 replies)

Re: Analyzing Malicious SSH Login Attempts 2007-01-16
Anonymous (1 replies)

Re: Re: Analyzing Malicious SSH Login Attempts 2007-10-17
Anonymous

Analyzing Malicious SSH Login Attempts 2008-03-31
Anonymous (1 replies)

Re: Analyzing Malicious SSH Login Attempts 2008-05-04
zulu

Analyzing Malicious SSH Login Attempts 2008-05-30
Anonymous