Re: [SLUG] Crack Attempts

From: Chuck Hast (wchast@gmail.com)
Date: Fri Jul 15 2005 - 13:20:06 EDT


On 7/15/05, Josh Bowers <josh@gargoylesolutions.com> wrote:
> Steven Buehler wrote:
> >
> > On Jul 15, 2005, at 11:26 AM, John Pugh wrote:
> >
> >> FYI...most of these "attacks" come from already hacked
> >> computers so retaliation might be directed towards the wrong people.
> >
> >
> > There is also the possibility that the attacking computer has a forged IP
> > or is doing so through a proxy.
>
> I had these a couple of weeks ago and looked into it. It is probably
> someone's rooted box running an SSH brute force cracker.
>
> I don't know how effective it would be to try to contact the ISPs where
> these are originating, but it couldn't hurt. However, the attacks will
> keep coming so what I did is changed the default port for sshd. That
> alone stopped it. To be a little extra safe you can also disable root
> logins.
>
What may send them off into never never land might be an ssh that does
not give a response if there is a failure. I think that the brute force cracker
is looking for the error response in order to know when to try again. So
I would assume it is looking for some sort of reply from the ssh on my
machine. If it gave you nothing unless you actually accessed it I would
think that would put off such devices. The users would have to know that
they were not going to be met with an error message but at least it would
give them a bit of confusion I would think.

-- 
Chuck Hast 
To paraphrase my flight instructor;
"the only dumb question is the one you DID NOT ask resulting in my going
out and having to identify your bits and pieces in the midst of torn
and twisted metal."
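Added example, not code from anyone in this thread: a small Python script that does the two defensive things the discussion points at. It parses a handful of constructed sshd auth-log lines (not real captures) to flag source addresses with repeated failed logins, the pattern Josh describes, and it audits a constructed sshd_config excerpt for the two settings he changed (the default port and root logins). The failure threshold, the sample log lines and the config text are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of an OpenSSH auth log (not real captures).
# Documentation addresses (RFC 5737) stand in for the "attacking" and legitimate hosts.
SAMPLE_AUTH_LOG = """\
Jul 15 12:01:03 host sshd[2201]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jul 15 12:01:05 host sshd[2203]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Jul 15 12:01:07 host sshd[2205]: Failed password for invalid user test from 198.51.100.7 port 40138 ssh2
Jul 15 12:01:09 host sshd[2207]: Failed password for root from 198.51.100.7 port 40144 ssh2
Jul 15 12:01:11 host sshd[2209]: Failed password for invalid user oracle from 198.51.100.7 port 40150 ssh2
Jul 15 12:03:40 host sshd[2250]: Failed password for chuck from 203.0.113.9 port 51020 ssh2
Jul 15 12:03:52 host sshd[2252]: Accepted publickey for chuck from 203.0.113.9 port 51024 ssh2
"""

# Matches OpenSSH "Failed password" lines, with or without the "invalid user" prefix.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def count_failures(log_text):
    """Return {ip: (failure_count, set_of_usernames_tried)} for failed-password lines."""
    stats = defaultdict(lambda: [0, set()])
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats[m.group("ip")]
        entry[0] += 1
        entry[1].add(m.group("user"))
    return {ip: (n, users) for ip, (n, users) in stats.items()}


def flag_bruteforce(log_text, threshold=5):
    """Source addresses with at least `threshold` failures.

    The threshold is an assumed value for the example; a dictionary attack
    typically shows many failures across several usernames from one address.
    """
    return sorted(ip for ip, (n, _) in count_failures(log_text).items() if n >= threshold)


# Constructed sshd_config excerpt showing the defaults Josh moved away from.
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config excerpt
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""


def audit_sshd_config(config_text):
    """Return findings for the two hardening steps mentioned in the thread.

    Commented-out lines are treated as unset, so sshd's defaults apply
    (port 22; root login permitted unless PermitRootLogin is set to no).
    """
    settings = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        settings[parts[0].lower()] = parts[1].strip().lower()
    findings = []
    if settings.get("port", "22") == "22":
        findings.append("sshd listens on the default port 22")
    if settings.get("permitrootlogin", "yes") != "no":
        findings.append("PermitRootLogin is not set to no")
    return findings


if __name__ == "__main__":
    for ip, (n, users) in count_failures(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {n} failures, users tried: {sorted(users)}")
    print("flagged:", flag_bruteforce(SAMPLE_AUTH_LOG))
    for finding in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print("finding:", finding)
```

Run against a real /var/log/auth.log (or `journalctl -u sshd` output) in place of the constructed text, the failure count per address is the signal worth alerting on; the config audit is a quick check that the port change and `PermitRootLogin no` actually took effect in the file sshd reads.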

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:47:10 EDT