Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Erik Norgaard
norgaard at locolomo.org
Mon Nov 13 20:25:46 UTC 2006
Leo L. Schwab wrote:
> I recently installed FreeBSD 6.1 on my gateway. It replaced an
> installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had
> disabled the SSH server. Since all the bugs in SSH are fixed now ( :-) ), I
> thought I'd leave the server on, and am somewhat dismayed to discover that I
> now get occasional brute-force/dictionary attacks on the port.
Whichever service you have running, if you look in the log you will find
attempts of attack, ssh is no different, it's a target.
Honestly, I wouldn't worry about it: review your config and make some
simple choices to reduce the noise, see this article:
http://www.securityfocus.com/infocus/1876
Rather than reposting myself - this issue is regularly debated, I think
last time (or last time I participated) was debated 19-09-2006. Check
the archive.
Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
More information about the freebsd-questions
mailing list