On Mon, Nov 1, 2010 at 3:30 PM, onteria <onte...@scarletdevil.net> wrote: > I was checking my authlog today and noticed the following series of > brute force login attempts: > > Nov B 1 01:37:04 solar sshd[8173]: Failed password for root from > 58.211.1.163 port 8895 ssh2 > Nov B 1 01:37:04 solar sshd[10692]: Received disconnect from > 58.211.1.163: 11: Bye Bye > Nov B 1 01:37:06 solar sshd[6273]: Failed password for root from > 58.211.1.163 port 9052 ssh2 > Nov B 1 01:37:06 solar sshd[21047]: Received disconnect from > 58.211.1.163: 11: Bye Bye > > First off login as root is disabled, so not much they can do here, but > I'd like to try and setup up some kind of throttling protection for > these sorts of attacks. Unfortunately they keep changing ports, so the > traditional port 22 protection isn't going to work. I'm wondering if > there's something similar to spamd for sshd that can handle this sort of > throttling before handing off to the real server, or if sshd has some > functionality to do that on its own. Thanks ahead of time for any > suggestions.
This problem is quite active for at least last two years and quite a lot about that was written eg. here http://bsdly.blogspot.com/ so I can recommend it for reading. If you will disable passwords completely and use keys instead then you will have much less problems. > > - Onteria
