Network Security Security-Basics

Re: Brute force attacks

Subject: Re: Brute force attacks
Date: 31 May 2007 18:55:19 -0000
Welcome to the Internet! :)

Seriously, my open SSH ports get minimal brute force attacks daily, typically 
anywhere from 2 attempts to a couple thousand. Watch these long enough and you 
can see that while they come randomly and from different IPs, the same battery 
of username/password combinations tend to get used.

In other words, you may be experiencing normal random junk from automated 
scanning systems from the Internet. 

And there is not much you can do about it.

You could block their IPs on your border, but be careful what you block in case 
you have business that comes from there.

My best practice is to just be aware of it and block if it starts to impact 
services/bandwidth or just block if you know you can safely do that. Keep those 
services hardened and accounts safely limited and protected with complex, 
regularly rotated passwords.


<- snip ->
Hi List,

I've been experiencing brute force dictionary attacks from various
sources against my gateway. The attacker is trying all kinds of
username/password combinations to get in.

I have traced the source IP addresses on internet authorities such as
RIPE, ARIN & APNIC; the feedback I get is that "Country is really world
wide". I then traced the IPs using Visual Route, and saw that their
locations vary widely; some of them are in the US, some in China, others
in Poland...

What are my options in such a case? Have you ever experienced such
behavior? And what are the best practices that apply?

Thank you,

-Mohamad.
