Increase in SSH attacks as of announcement of rtld bug
martinko
gamato at users.sf.net
Tue Dec 8 11:21:35 UTC 2009
Bill Moran wrote:
> In response to Mike Tancsa <mike at sentex.net>:
>> Yes, thats the latest pattern I have been seeing-- distributed, slow
>> and coordinated. Here is a sample from one of my honeypots. The
>> only way to deal with them I found is to have multiple sensors
>> throughout my network and aggregate the data. Otherwise, each IP
>> only appears every few hrs in the logs.
>
> I deal with it by immediately blocking any host that generates an
> "invalid user" error.
>
> Of course, that won't work for everyone :(
>
and if it's just a typo on user part ?
More information about the freebsd-security
mailing list