brute-force-ssh-attack
We suffer from an sshd brute force attack.
It's no real security problem as we have several security tools that make it impossible to get into the server via ssh-brute-force-attack. Here is the log-file: Quote:
The attack seems to be coordinated between several different IPs. How can that be? |
A botnet perhaps?
|
Yes, seems so, but does anybody have the same problems or know the virus? (Just for fun!)
|
saavik,
The sshd brute force attacks are nothing new and yes, everyone gets them. Your particular instance could have been caused by spoofing or, as win32sux already stated, a distributed attack (botnet). The attack would not fall into the category of 'virus'. |
Did you read the sticky post here? ====> http://www.linuxquestions.org/questi...tempts-340366/
|
The most important things to remember are:
- A digital certificate is like a non-forgeable (and, individually revocable...) identification badge. The badge can be password-protected to prevent it from being presented by the wrong person, but the bottom line is that in order to connect to your system a valid badge must be presented. (You can issue and revoke the badges without costing any money.) A hacker can knock at your door until he's blue in the face, but he'll never get inside.
- Put as many obstacles in the way as you can. For example, close all the inbound pathways except a VPN-portal maintained by your hardware router... once again, secured using digital certificates (not "pre-shared keys"). It's better to keep the hackers outside of the chain-link fence topped with concertina-wire, rather than to let them be milling-about in the front lobby.
- Having set-up this system, now actively maintain it. Issue certificates (of the various types) with a drop-dead date and change them periodically. Issue individual certificates, so that each one can be individually revoked.
|
You could also try and put the annoying IP net blocks under hosts.allow. Well, this is not a panacea but it kind of moderates the brute-attacks. It's in the thread mentioned. I also receive these attempts, but basic ssh security procedures, again in the above-mentioned thread, should keep things in check.
|
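The pattern discussed in this thread (one login campaign spread across many source IPs) can be picked out of sshd's auth log by grouping failures by target account as well as by source. This is an added example, not part of any post above; the log lines are constructed, and the function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog format (not the original poster's log).
SAMPLE_LOG = """\
Mar  3 04:10:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Mar  3 04:10:04 host sshd[2103]: Failed password for root from 198.51.100.23 port 51844 ssh2
Mar  3 04:10:09 host sshd[2105]: Failed password for root from 203.0.113.77 port 33910 ssh2
Mar  3 04:10:15 host sshd[2107]: Failed password for root from 192.0.2.200 port 46002 ssh2
Mar  3 04:11:02 host sshd[2110]: Failed password for invalid user test from 203.0.113.5 port 50001 ssh2
Mar  3 04:11:03 host sshd[2112]: Failed password for invalid user guest from 203.0.113.5 port 50007 ssh2
Mar  3 04:11:05 host sshd[2114]: Failed password for invalid user oracle from 203.0.113.5 port 50013 ssh2
Mar  3 04:12:40 host sshd[2120]: Accepted publickey for alice from 192.0.2.50 port 52210 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(log_text):
    """Return a (user, ip) pair for every failed password attempt."""
    return [(m["user"], m["ip"]) for m in FAILED.finditer(log_text)]

def noisy_sources(failures, per_ip_limit=3):
    """Single-source brute force: IPs at or over the per-IP failure limit."""
    counts = defaultdict(int)
    for _user, ip in failures:
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n >= per_ip_limit}

def distributed_targets(failures, min_sources=3):
    """Accounts attacked from many distinct IPs, each possibly under the per-IP limit."""
    sources = defaultdict(set)
    for user, ip in failures:
        sources[user].add(ip)
    return {u: sorted(ips) for u, ips in sources.items() if len(ips) >= min_sources}

if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print("noisy single sources:", noisy_sources(failures))
    for user, ips in distributed_targets(failures).items():
        print(f"account {user!r} targeted from {len(ips)} IPs: {', '.join(ips)}")
```

On the sample, a per-IP threshold alone flags only 203.0.113.5; the four single-attempt sources against root surface only when failures are grouped by target account.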