Network Security: Detailed info on Re: SSH probe attack afoot?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: SSH probe attack afoot?

from [Stephen Warren] Network Security

[Permanent Link]

Subject:	Re: SSH probe attack afoot?
Date:	Mon, 07 Feb 2005 16:55:50 -0700

On 6 Feb 2005, at 15:09, Bernie Cosell wrote:

We're now getting hammered with the third round of ssh probes in the last
four days [one from CA, one from Brazil and one from Virginia].  I was
wondering: is there some virus or the like floating around now that
leaves an ssh-hammering zombie in its wake?  Or is it just coincidental
that we have gotten three floods?


I got fed up with seeing this kind of thing in my logs.

So, I switched SSH to a non-default port, and it all went away:-)

Sometimes, security through obscurity is very useful. Now at least I have a small SSHD logfile, so I'll pay more attention to it if something shows up in it.

Of course, depending on your user-base, you might have to spend a lot of time on user-education after this change.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
SSH probe attack afoot?, Bernie Cosell Re: SSH probe attack afoot?, Martin Sarsale Re: SSH probe attack afoot?, Steve Bonds Re: SSH probe attack afoot?, Steven Harrison Re: SSH probe attack afoot?, xyberpix Re: SSH probe attack afoot?, Stephen Warren <= Re: SSH probe attack afoot?, j@65535.com Re: SSH probe attack afoot?, Barrie Dempster Re: SSH probe attack afoot?, j lake Re: SSH probe attack afoot?, Jeffrey Goldberg Re: SSH probe attack afoot?, Stephen J. Smoogen eBay Account Phishing with eBay Redirect, Steven Exploit on tcp/4128?, Lawrence Baldwin RE: Exploit on tcp/4128?, David Gillett RE: Exploit on tcp/4128?, Jeff Mickey Re: Exploit on tcp/4128?, Doug Rutherford

Previous by Date:	Re: SSH probe attack afoot?, Joe Egloff
Next by Date:	Re: SSH probe attack afoot?, naverxp
Previous by Thread:	Re: SSH probe attack afoot?, xyberpix
Next by Thread:	Re: SSH probe attack afoot?, j@65535.com
Indexes:	[Date] [Thread] [Top] [All Lists]