[geeks] ssh attacks

Kevin kevin at mpcf.com
Wed Aug 11 13:03:36 CDT 2004


I could move my ssh boxes to other ports, but unless there are
known vulnerabilities in the current openssh (3.8p1) then i don't
really see that the threat warrants that.  These "attacks" seem
to be automated and (other than root, which should be denied ssh
login anyway) seem to go for user names that are non existent on
my systems.

If moving ssh to another port had downsides, then i could see
it, but in our case that would require notifying a number of
people, changes to documentation and procedures and so on.

/KRM

On Wed, 11 Aug 2004 10:05:36 -0700 (MST)
Gary Nichols <gary at linuxforce.org> wrote:

> On Wed, 11 Aug 2004, Kevin wrote:
> 
> > Lately, i've been getting several ssh login attempts to
> > accounts user, admin and test.  Mostly from European and
> > Asian countries.
> > 
> > Is there some type of automated worm out there trying to
> > exploit an ssh vulnerability?
> > 
> > Anyone else getting this crap?
> 
> I've been tracking this thing for weeks.  It's an automated
> probe tool using known accounts.  I have some leads on the
> motive, but nothing concrete enough that I'm going to mention
> here.
> 
> I *really* recommend that you move ssh to another port.  You'll
> take yourself off the radar for 99% of the tools out there,
> unless they REALLY want YOUR box.
> _______________________________________________
> GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks


-- 
"Make it idiot proof and someone will make a better idiot."
keyserver: http://pgp.mit.edu/



More information about the geeks mailing list