Greg Larkin wrote:

Jeremy Lea wrote:
Hi,

This is off topic to this list, but I don't want to subscribe to -chat
just to post there...  Someone is currently running a distributed SSH
attack against one of my boxes - one attempted login for root every
minute or so for the last 48 hours.  They won't get anywhere, since the
box in question has no root password, and doesn't allow root logins via
SSH anyway...

But I was wondering if there were any security researchers out there
that might be interested in the +-800 IPs I've collected from the
botnet?  The resolvable hostnames mostly appear to be in Eastern Europe
and South America - I haven't spotted any that might be 'findable' to
get the botnet software.

I could switch out the machine for a honeypot in a VM or a jail, by
moving the host to a new IP, and if you can think of a way of allowing
the next login to succeed with any password, then you could try to see
what they delivered...  But I don't have a lot of time to help.

Regards,
  -Jeremy


Hi Jeremy,

You could set up DenyHosts and contribute to the pool of IPs that are
attempting SSH logins on the Net:
http://denyhosts.sourceforge.net/faq.html#4_0

It also looks like there's been quite a spike of SSH login activity
recently: http://stats.denyhosts.net/stats.html

Hope that helps,
Greg
--
Greg Larkin

http://www.FreeBSD.org/           - The Power To Serve
http://www.sourcehosting.net/     - Ready. Set. Code.
http://twitter.com/sourcehosting/ - Follow me, follow you

_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
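
The pattern Jeremy describes above (one root attempt a minute, spread over hundreds of addresses) gives each source only a handful of failures, so a per-IP count stays low while a per-account count of distinct sources stands out. The following is an added example, not part of the original thread and not DenyHosts code; the function names, thresholds, year and sample log lines are constructed for illustration, and the log format assumed is the standard OpenSSH "Failed password" syslog line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH "Failed password" line as written through syslog (no year in the timestamp).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def parse(lines, year=2024):  # year is an assumption; syslog lines omit it
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def per_source_offenders(events, threshold=5):
    counts = defaultdict(int)   # per-IP view: failures per source address
    for _, _, ip in events:
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n >= threshold}

def distributed_targets(events, window=timedelta(hours=1), min_sources=20):
    """Per-account view: peak distinct source IPs seen inside any sliding window."""
    by_user = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_user[user].append((ts, ip))
    flagged = {}
    for user, evs in by_user.items():
        start, live = 0, defaultdict(int)   # live: ip -> hits inside the window
        for ts, ip in evs:
            live[ip] += 1
            while ts - evs[start][0] > window:   # expire events older than the window
                old = evs[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            if len(live) >= min_sources:
                flagged[user] = max(flagged.get(user, 0), len(live))
    return flagged

def sample_log(n=120, sources=40):
    """Constructed data: one root attempt per minute, rotating over TEST-NET addresses."""
    base = datetime(2024, 10, 1)
    return [f"{t:%b} {t.day:2d} {t:%H:%M:%S} host sshd[{1000 + i}]: Failed password "
            f"for root from 192.0.2.{i % sources + 1} port {40000 + i} ssh2"
            for i in range(n) for t in [base + timedelta(minutes=i)]]
```

On the constructed sample, no single address reaches the per-source threshold, while the root account is flagged with 40 distinct sources inside one hour.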

There seems to be some kind of coordinated attack because I have been seeing different backbones wink in and out (work and home are on completely diff backbones and are having roughly the same intermittent interruptions)