I've been getting attacked as well but, it has decreased after I took some mearsures. I changed the ssh server not to accept root login: PermitRootLogin no
Also installed fail2ban and on top of that created a script that would block ip addresses I find in the log: BAD="/etc/badIp" IPS=$(cat $BAD) $iptables --delete-chain blockBadIp $iptables -N blockBadIp $iptables -F blockBadIp # $iptables -A INPUT -p tcp --dport 22 -s $iptables -A blockBadIp -j DROP for i in $IPS do $iptables -A INPUT -p tcp -i $EXT_IFACE -s $i -j blockBadIp $iptables -A INPUT -p udp -i $EXT_IFACE -s $i -j blockBadIp done On Mon, 2010-10-25 at 00:26 -0400, Robert West wrote: > Brute force attack. Various user names, various passwords. > Dictionary attack. Seems to be happening all the time now. > > > > > > > > From: [email protected] [mailto:[email protected]] > On Behalf Of Scott Piehn > Sent: Sunday, October 24, 2010 11:06 PM > To: WISPA General List > Subject: Re: [WISPA] Brute Force Attacks > > > > > What do you consider a brute force attack? > > > > > > We tarpit traffic coming into our network on ssh, ftp, etc. then put > an exception list for known server customers. > > > > > > I am always looking to identify and block extra stuff at our border > > > > > > > > > > ---------------------------------------------------- > Scott Piehn > ----- Original Message ----- > > > From: RickG > > > To: WISPA General List > > > Sent: Sunday, October 24, 2010 9:44 PM > > > Subject: Re: [WISPA] Brute Force Attacks > > > > > > Not here. What ip range? > > On Sun, Oct 24, 2010 at 10:20 PM, Robert West > <[email protected]> wrote: > > Is it just me or is everyone having their gateway servers > attacked by those Chinese so-and so’s? (WISPA REGS) > > > > My logs show attacks all weekend on all of my MT gateways…………. > Sad………… > > > > Never had that before. Even the Routerboard I use at the > house. RELENTLESS! > > > > Just sharing………… They get swatted off so it’s all good but > it’s interesting to watch their attack………… > > > > Moving on…………. > > > > Steve- > > > > > > > > > > > > > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > ______________________________________________________________ > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
