Brute-Force SSH Server Attacks Surge -- InformationWeek
Neil Joseph Schelly
neil at jenandneil.com
Thu May 15 10:03:48 EDT 2008
On Thursday 15 May 2008 09:58, kenta wrote:
> I ended up with the following config...
>
> Bind ssh to two ports: 22 and a non standard port
>
> In my firewall rules I specifically allow certain IP's to connect to port
> 22. These include my internal network (192.168) and a handful of IP's from
> other hosts that I interact with on a regular basis.
>
> Anyone can ssh to the non-standard point, but from what I've seen the
> attempts are few and far far between since most people aren't looking for
> it. I used to get a handful or a few hundred handfuls of ssh login
> failures when I was on just 22, now I get pretty much none.
Seconded - I've never gotten a failed SSH login report on a non-22 port. The
attacks are botnets and so they're looking for the low-hanging fruit. As
someone who watches logfiles, I'm already outside their target audience.
-N
More information about the gnhlug-discuss
mailing list