Free Fire Zone: I'm here for the party.




Brute Force Attacks Through ssh
2005-07-16

by: badanov

We just checked the authentication logs on one of my BSD boxes and discovered several attempts at a brute-force dictionary attack. In a dictionary attack, a script tries a list of common user name and password combinations against a computer with an OpenSSH port.

Our first reaction, after reading a report on the story at Slashdot, was that we didn't even know we had authentication logs; we thought all login attempts went to the general log, messages.

All the root login attempts failed because root logins are prohibited on fresh FreeBSD installations. There are several things that can be done to temper this sort of activity.

One is to cut the number of login attempts allowed from 10 to two; the other is to cut the time allowed to log in from the default of 120 seconds to 15 seconds. This combination should temper attacks. At least that is the plan.

As a technical matter only, it is interesting to note that nearly all attempts we found were from South Korea, China, France and Seattle. There was one attempt from ThePlanet, in Dallas, a web hosting company and a known favorite of jihadi types. As soon as we gather more info we will be contacting someone to let them know what is going on.

We will soon begin to grep those IP numbers into a database and have it available for all to see.
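One way to pull those addresses out of the authentication log and tally them, as an added example that is not part of the original post. It assumes sshd failure lines ending in `from <addr> port <n> ssh2`; the function names and every log line in it are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the "... from <addr> port <n> ssh2" line ending.
# All log lines below are constructed; addresses are documentation ranges.

sample_log() {
cat <<'EOF'
Jul 16 03:12:41 bsdbox sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 16 03:12:44 bsdbox sshd[4103]: Failed password for illegal user admin from 203.0.113.7 port 40120 ssh2
Jul 16 03:12:47 bsdbox sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Jul 16 04:01:02 bsdbox sshd[4200]: Failed password for root from 198.51.100.23 port 51515 ssh2
Jul 16 04:30:10 bsdbox sshd[4250]: Accepted publickey for operator from 192.0.2.10 port 50022 ssh2
Jul 16 05:00:00 bsdbox sshd[4300]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 198.51.100.23 port 51600 ssh2
EOF
}

# Print "<count> <address>" for every source of failed password attempts,
# busiest first. The user name is chosen by the client and may contain
# spaces or the word "from", so the address is read from the fixed tail
# of the line (from ADDR port N ssh2) rather than from the first "from".
failed_by_ip() {
    awk '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            count[$(NF-3)]++
        }
        END { for (ip in count) print count[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Print only the addresses with at least $1 failures; remaining
# arguments are log files (stdin when none are given).
repeat_offenders() {
    min=$1; shift
    failed_by_ip "$@" | awk -v min="$min" '$1 >= min { print $2 }'
}

sample_log | failed_by_ip
```

On FreeBSD the same function can be pointed at the real file with `failed_by_ip /var/log/auth.log`.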


