[conspire] Ongoing dictionary attacks on SSH daemons
rick at linuxmafia.com
Mon Oct 11 12:31:34 PDT 2004
Bill Moseley <moseley at hank.org> wrote:
> So where are these attacks coming from? I've just assumed they are
> owned machines sending out bulk attempts so haven't tried to track
> them down.
I figure yes. I looked up the one I quoted, at the time, and it seemed
to be coming from a desktop box somewhere in Europe. (I forget which
country, but I think Daniel posted it.)
> I've disabled only root login. I'd like to keep password access for
> other accounts as I don't always have my private key. Been thinking
> more about port knocking lately. Every set that up?
No, I haven't, but it's definitely a trick worth considering.
I'm not really worried about dictionary attacks succeeding against
accounts where *I* determine the passwords, since mine are about as
close to random maximum-length strings as possible. I worry a bit about
some of my users, though.
More information about the conspire