Hi ! Most of the time (to not say everytime), it's a bot and not a human behind those attacks. I configured my firewall to ban for a minute every IPs trying to log in with 5 wrong attempts. Once it's banned, the bot tries one or two more times and then give up.
It's pretty much effective. 2010/6/17 Gary Baribault <g...@baribault.net> > Hello list, > > I have a strange situation and would like information from the > list members. I have three Linux boxes exposed to the Internet. Two of > them are on cable modems, and both have two services that are publicly > available. In both cases, I have SSH and named running and available > to the public. Before you folks say it, yes I run SSH on TCP/22 and no > I don't want to move it to another port, and no I don't want to > restrict it to certain source IPs. > > Both of these systems are within one /21 and get attacked > regularly. I run Denyhosts on them, and update the central server once > an hour with attacking IPs, and obviously also download the public > hosts.deny list. > > These machines get hit regularly, so often that I don't really > care, it's fun to make the script kiddies waste their time! But in > this instance, only my home box is being attacked... someone is > burning a lot of cycles and hosts to do a distributed dictionary > attack on my one box! The named daemon is non recursive, properly > configured, up to date and not being attacked. > > Is anyone else seeing this type of attack? Or is someone really > targeting MY box? > > Thanks > > > Gary Baribault > Courriel: g...@baribault.net > GPG Key: 0x685430d1 > Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
