[geeks] SSH Scans Increasing
Phil Stracchino
alaric at metrocast.net
Thu Aug 21 06:57:25 CDT 2008
Jonathan C. Patschke wrote:
> Has anyone else seen a very sharp increase in the number of SSH scans
> since this weekend?
>
> I have a program running out of cron that looks for break-ins and updates
> my /etc/pf.conf automagically. It mails me when it adds a new host to the
> list. I used to get 2 - 3 per week, but now I see 20 - 30 per day.
I haven't seen it. But then, I got so sick of ssh-dictionary-scanning
scriptkiddies filling up my logs day after day, week after week, month
after month, and have so few non-local users, that I implemented a
whitelist-only pf rule for SSH and FTP connections.
Currently I'm pondering the best means to allow users with existing
accounts and known SSH keys to remotely authorize new IPs for themselves.
--
Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355
alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org
Renaissance Man, Unix ronin, Perl hacker, Free Stater
It's not the years, it's the mileage.
More information about the geeks
mailing list