[NCLUG] Distributed attack

Kasey Erickson kasey.erickson at gmail.com
Thu Oct 1 13:00:54 MDT 2009


Though I'm not experiencing the immediate issue you've raised, I've
had good luck in the past with using denyhosts to filter out
blacklisted hosts.

http://denyhosts.sourceforge.net/

Kasey


On Thu, Oct 1, 2009 at 12:32 PM,  <grant at amadensor.com> wrote:
> I am seeing a distributed attack, with hundreds of SSH requests per
> minute, each trying to log on as root with a different password (it's OK,
> I killed the root password in /etc/shadow).
>
> Each is unique, and each is from a different IP address.   I wonder if it
> is a bot net.   Has anyone else been seeing this kind of stuff?   It is
> really only in the last few days that it has been happening.
>
> The attacks are coming from Windows boxes, a lot of them on dial up, and
> mostly in Russia and China, but with a few sprinkled about the globe.


