Slashdot recently referenced a good article about the growing number of
Brute Force Attacks against ssh
http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/
Night after night my server is one whose logs fill with thousands of
lines like these:
Security Events
=-=-=-=-=-=-=-=
Jul 27 03:02:07 debby sshd[19964]: Failed password for illegal user daisy from ::ffff:217.106.234.86 port 36812 ssh2
Jul 27 03:02:09 debby sshd[20058]: Failed password for illegal user dorina from ::ffff:217.106.234.86 port 36912 ssh2
Jul 27 03:02:11 debby sshd[20143]: Failed password for illegal user marian from ::ffff:217.106.234.86 port 37011 ssh2
Jul 27 03:02:14 debby sshd[20195]: Failed password for illegal user juan from ::ffff:217.106.234.86 port 37114 ssh2
Jul 27 03:02:16 debby sshd[20243]: Failed password for illegal user don from ::ffff:217.106.234.86 port 37212 ssh2
I don't allow root logins and I only allow trusted users.
How are others handling this? Do you block the IP address? If so, does
it help, or are you still found by yet another zombie? Any suggestions
or insight are welcome.
--scott
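
The following is an added example, not part of the original message: a small Python parser that tallies sshd "Failed password" lines per source address and flags sources that exceed a failure threshold inside a sliding time window. The function names, the threshold, the window and the assumed year are illustrative choices; the sample input is the five entries quoted in the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: the five log entries quoted in the post.
SAMPLE_LOG = """\
Jul 27 03:02:07 debby sshd[19964]: Failed password for illegal user daisy from ::ffff:217.106.234.86 port 36812 ssh2
Jul 27 03:02:09 debby sshd[20058]: Failed password for illegal user dorina from ::ffff:217.106.234.86 port 36912 ssh2
Jul 27 03:02:11 debby sshd[20143]: Failed password for illegal user marian from ::ffff:217.106.234.86 port 37011 ssh2
Jul 27 03:02:14 debby sshd[20195]: Failed password for illegal user juan from ::ffff:217.106.234.86 port 37114 ssh2
Jul 27 03:02:16 debby sshd[20243]: Failed password for illegal user don from ::ffff:217.106.234.86 port 37212 ssh2
"""

# Matches "illegal user" (the wording in the post), the newer "invalid user",
# and failures against accounts that do exist (no "... user" prefix at all).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def normalize(addr):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so one host is one key."""
    return addr[7:] if addr.lower().startswith("::ffff:") and "." in addr else addr

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2000):
    """Return {source: usernames tried} for sources with >= threshold failures in any window."""
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year; `year` is an assumed value.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[normalize(m["src"])].append((ts, m["user"]))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = sorted({user for _, user in hits})
                break
    return flagged

if __name__ == "__main__":
    for src, users in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: tried {len(users)} usernames: {', '.join(users)}")
```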