What is this Very Stupid DOS Attack Script?
Willem Jan Withagen
wjw at withagen.nl
Wed Apr 6 08:57:48 PDT 2005
Martin McCormick wrote:
> Apr 6 05:49:42 dc sshd[12422]: input_userauth_request: illegal
> user chuck
>
> You get the idea. This goes on for 3 or 4 minutes and then
> just stops for now. I can almost promise that later, another attack
> will start from some other IP address and blaze away for a few
> minutes.
I asked the same question a while ago.
Seems that there are some linux type worms out there, that use this
to target not well protected linux systems.???
I've build some swatch-rules that after two of these hits, I dump
the host into ifpw-deny space.
--WjW
More information about the freebsd-security
mailing list