Re: [tlug] SSH attacks continue; kiddies fighting over crackedhosts?

[Michael Reinsch <mr@example.com>]

Hi!

Friday, 15.07.2005, 13:47 +0900 Stephen J. Turnbull wrote:
> I'm now seeing from 3 to 6 attempts by unknown IPs to connect to the
> ssh port per day, and what's more interesting, about every other day I
> see two or more attempts from the same IP, separated by a few hours
> (randomly distributed), which never used to happen (there has always
> been an attack pattern consisting of two probes 3 seconds apart, but
> this is different).

I didn't notice this, but I didn't pay much attention to the IP
addresses either... I also didn't see an increase for the system I'm
watching, 2-4 attacks per day are still common.

Well, I'm thinking about extending my script to keep the recorded data
for a longer time. Then one can just shut down those attacks from a
known attacking host at once after the first failed login, and maybe
also for a longer time, maybe proportional to the number of recorded
attacks (I don't want to block it forever)... well, just some thoughts,
won't have time to do that until next month...

-- 
  Michael Reinsch <mr@example.com>                      http://mr.uue.org/
------------------------------------------------------------------------

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil