Hi, Am I the only one to be seeing lots of hits on my ssh ports from Linux boxes? I got absolutely hammered by a machine belonging to an ISP yesterday - 50+ hits/second - so much so that I re-wrote my guard-bot. They seem to have unplugged the box since I phoned them - they promised to call back but never have done.
Since then I've been seeing intermittent hits (but no bursts). I saw the warning re ssh vulnerabilities but I though this only affected which hosts users connected from (surely nobody would only use the IP address/host key as authentication?). I suppose this would still allow someone to mount a dictionary attack where password authentication was enabled. ....or am I missing something? If there's any SSH/security gurus out there....if I've compiled against the tcp-wrappers library does this bug affect access controls implemented with hosts.allow/deny or is it just in the Colin -------------------------------------------------------------------- http://www.lug.org.uk http://www.linuxportal.co.uk http://www.linuxjob.co.uk http://www.linuxshop.co.uk --------------------------------------------------------------------
