Date: Fri, 16 Apr 2010 10:18:08 +0100
From: krad <kraduk@googlemail.com>
To: David Xu <davidxu@freebsd.org>
Cc: Jeremy Lea <reg@freebsd.org>, freebsd-hackers@freebsd.org
Subject: Re: Distributed SSH attack
Message-ID: <y2nd36406631004160218g6cfa65eq4958d957f7fc33a7@mail.gmail.com>
In-Reply-To: <4BC82259.90203@freebsd.org>
References: <20091002201039.GA53034@flint.openpave.org> <4BC82259.90203@freebsd.org>

On 16 April 2010 09:39, David Xu <davidxu@freebsd.org> wrote:

> Jeremy Lea wrote:
>
>> Hi,
>>
>> This is off topic to this list, but I don't want to subscribe to -chat
>> just to post there... Someone is currently running a distributed SSH
>> attack against one of my boxes - one attempted login for root every
>> minute or so for the last 48 hours. They won't get anywhere, since the
>> box in question has no root password, and doesn't allow root logins via
>> SSH anyway...
>>
>> But I was wondering if there were any security researchers out there
>> that might be interested in the +-800 IPs I've collected from the
>> botnet? The resolvable hostnames mostly appear to be in Eastern Europe
>> and South America - I haven't spotted any that might be 'findable' to
>> get the botnet software.
>>
>> I could switch out the machine for a honeypot in a VM or a jail, by
>> moving the host to a new IP, and if you can think of a way of allowing
>> the next login to succeed with any password, then you could try to see
>> what they delivered... But I don't have a lot of time to help.
>>
>> Regards,
>> -Jeremy
>>
>
> Try to change SSH port to something other than default port 22,
> I always did this for my machines, e.g., change them to 13579 :-)
>
> Regards,
> David Xu

Don't allow password auth, tcp wrap it, and ACL it with pf. Probably more stuff you can do. Think onions.
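
An added example, not part of any message in this thread: the pattern described in the original post (one root attempt per minute, spread over hundreds of addresses) never trips a per-source failure counter, so this sketch compares a per-source view of sshd failures with a per-account count of distinct sources. The log lines, addresses, thresholds and function names are constructed for illustration, and the log format is assumed to be the usual OpenSSH "Failed password" syslog line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed format: "<Mon DD HH:MM:SS> <host> sshd[pid]: Failed password for ..."
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse(lines, year=2010):
    """Yield (timestamp, user, source_ip); syslog has no year, so one is assumed."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def noisy_sources(events, limit=3, window=timedelta(minutes=1)):
    """Per-source view: IPs with more than `limit` failures inside `window`."""
    by_ip = defaultdict(list)
    for ts, _user, ip in events:
        by_ip[ip].append(ts)
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        if any(times[i + limit] - times[i] <= window
               for i in range(len(times) - limit)):
            flagged.add(ip)
    return flagged

def distributed_targets(events, min_sources=5):
    """Per-account view: users attacked from at least `min_sources` distinct IPs."""
    sources = defaultdict(set)
    for _ts, user, ip in events:
        sources[user].add(ip)
    return {u: sorted(ips) for u, ips in sources.items() if len(ips) >= min_sources}

def build_sample():
    """Constructed log: slow root guessing from 8 IPs, plus one single-IP burst."""
    t0, fmt = datetime(2010, 4, 14, 9, 0, 0), "%b %d %H:%M:%S"
    slow = [f"{(t0 + timedelta(minutes=i)).strftime(fmt)} box sshd[{4000 + i}]: "
            f"Failed password for root from 203.0.113.{10 + i} port 50000 ssh2"
            for i in range(8)]
    burst = [f"{(t0 + timedelta(seconds=s)).strftime(fmt)} box sshd[{5000 + s}]: "
             f"Failed password for invalid user test from 198.51.100.7 port 40000 ssh2"
             for s in range(5)]
    return slow + burst
```

On the constructed sample, `noisy_sources` flags only the single-address burst, while `distributed_targets` reports `root` with all eight slow sources, which is the list one would feed into a pf table or hand to a researcher.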