From: Peter Dambier (no email)
Date: Mon Nov 14 2005 - 18:01:00 EST
Randy Bush wrote:
> for one host, 185,932 ssh dictionary password attacks in one gmt day
> (and, of course, password login is not enabled).
I guess it is.
Must be a high performing system :)
I have seen many attacks on DSL 1000 MBit and 2000 MBit hosts.
Attacks typically lasted 10 minutes. No more than 10 attacks a day.
I did not count the passwords - I guess it must have been 250 each.
Getting rid of them:
Starting sshd from xinetd or inetd. If you have an ol' 386 like me
they have already wasted their wordbook before your sshd comes up.
Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?
Seen no more wordbooks since. Had to buy me a dictionary :)
I would not dare enabling logins on your system.
Peter and Karin
--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
http://iason.site.voila.fr
http://www.kokoom.com/iason
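
Added example, not part of the original message: one way to measure the figures discussed above (attacks per day, attempts per attack, attack duration) from an sshd log, by grouping failed password attempts per source address into bursts. The function name find_bursts, the 15-minute quiet gap, the supplied year and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (documentation addresses).
SAMPLE_LOG = """\
Nov 14 03:10:00 host sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Nov 14 03:10:02 host sshd[2103]: Failed password for root from 192.0.2.10 port 40118 ssh2
Nov 14 03:19:58 host sshd[2410]: Failed password for invalid user test from 192.0.2.10 port 41990 ssh2
Nov 14 09:00:00 host sshd[3001]: Failed password for root from 192.0.2.10 port 50001 ssh2
Nov 14 09:00:05 host sshd[3002]: Accepted publickey for peter from 198.51.100.7 port 50100 ssh2
Nov 14 11:30:00 host sshd[3500]: Failed password for invalid user guest from 203.0.113.5 port 33000 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bursts(log_text, year=2005, max_gap=timedelta(minutes=15)):
    """Group failed password attempts per source into bursts.

    A new burst starts when a source has been quiet for longer than max_gap.
    Returns {source_ip: [(first_seen, last_seen, attempts), ...]}.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # Classic syslog timestamps carry no year; it is supplied here (assumption).
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[m.group(2)].append(ts)
    bursts = {}
    for src, stamps in events.items():
        stamps.sort()
        runs = [[stamps[0], stamps[0], 1]]
        for ts in stamps[1:]:
            if ts - runs[-1][1] > max_gap:
                runs.append([ts, ts, 1])      # quiet period exceeded: new burst
            else:
                runs[-1][1] = ts              # extend the current burst
                runs[-1][2] += 1
        bursts[src] = [tuple(r) for r in runs]
    return bursts

if __name__ == "__main__":
    for src, runs in find_bursts(SAMPLE_LOG).items():
        for first, last, n in runs:
            print(f"{src}: {n} attempts over {last - first} starting {first}")
```

Successful logins and other sshd messages are ignored, so the counts reflect only rejected password attempts.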