Re: a record?

From: Peter Dambier (no email)
Date: Mon Nov 14 2005 - 18:01:00 EST

  • Next message: Jeroen Massar: "Re: a record?"

    Randy Bush wrote:
    > for one host, 185,932 ssh dictionary password attacks in one gmt day
    > (and, of course, password login is not enabled).
    > randy

    I guess it is.

    Must be a high performing system :)

    I have seen many attacks on DSL 1000 MBit and 2000 MBit hosts.
    Attacks typically lasted 10 minutes. No more than 10 attacks a day.
    I did not count the passwords - I guess it must have been 250 each.

    Getting rid of them:

    Starting sshd from xinetd or inetd. If you have an ol' 386 like me
    they have already wasted their wordbook before your sshd comes up.

    Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?

    Seen no more wordbooks since. Had to by me a dictonary :)

    I would not dare enabling logins on your system.

    Kind regards
    Peter and Karin

    Peter and Karin Dambier
    The Public-Root Consortium
    Graeffstrasse 14
    D-64646 Heppenheim
    +49(6252)671-788 (Telekom)
    +49(179)108-3978 (O2 Genion)
    +49(6252)750-308 (VoIP:

  • Next message: Jeroen Massar: "Re: a record?"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD