Brute Force Attacks Through ssh
2005-07-16
Posted by: badanov

We just checked the authentication logs on one of my BSD boxes to discover several attempts at a brute force dictionary attack. Dictionary attacks are those in which a list of common user name and password combinations is scripted against a computer with an open SSH port.

Our first reaction after reading a report on the story at Slashdot was that we didn't even know we had authentication logs; we thought all login attempts went to the general log, messages.

All the attempts failed for root logins because root logins are prohibited on fresh FreeBSD installations. There are several things that can be done to temper this sort of activity.

One is to reduce the number of permitted login attempts from 10 to two, and the other is to reduce the time allowed to log in from the default of 120 seconds to 15 seconds. This combination should temper the attacks. At least that is the plan.

As a technical matter only, it is interesting to note that nearly all attempts we found were from South Korea, China, France and Seattle. There was one attempt from ThePlanet, in Dallas, a web hosting company and a known favorite of jihadi types. As soon as we gather more info we will be contacting someone to let them know what is going on.

We will soon begin to grep those IP numbers into a database and have it available for all to see.
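As an added example (not code from the original post), here is a POSIX shell script covering both of the measures above: it checks an sshd_config for the tightened limits, and it tallies failed password attempts per source address from auth-log lines in the format OpenSSH writes, which is the first step toward the IP list the post plans to publish. The sshd_config directives assumed here are MaxAuthTries (the login-attempt limit) and LoginGraceTime (the time allowed to log in), and the thresholds of 2 attempts and 15 seconds are the values the post settles on. The log lines and the config fragments are constructed samples using documentation addresses, not the post's data.

```shell
#!/bin/sh
# Added example (not from the original post). Two helpers for the measures
# the post describes: verifying sshd_config limits and tallying failed
# logins per source address from OpenSSH auth-log lines.

# Constructed sample auth-log lines (RFC 5737 documentation addresses),
# in the format sshd writes to the auth log. Not real data from the post.
SAMPLE_LOG='Jul 16 03:12:01 bsdbox sshd[1234]: Failed password for root from 192.0.2.10 port 4411 ssh2
Jul 16 03:12:05 bsdbox sshd[1235]: Failed password for invalid user admin from 192.0.2.10 port 4412 ssh2
Jul 16 03:12:09 bsdbox sshd[1236]: Failed password for invalid user test from 198.51.100.7 port 5000 ssh2
Jul 16 03:13:00 bsdbox sshd[1237]: Accepted publickey for alice from 203.0.113.5 port 6000 ssh2
Jul 16 03:13:30 bsdbox sshd[1238]: Failed password for root from 192.0.2.10 port 4413 ssh2'

# failed_by_ip: read auth-log lines on stdin and print "count ip" for each
# source address that produced failed password attempts, most active first.
# Usage on a real box: failed_by_ip < /var/log/auth.log
failed_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password for' \
        | sed -n 's/.* from \([0-9.][0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# check_sshd_config: read an sshd_config on stdin and exit 0 only if
# MaxAuthTries is at most 2 and LoginGraceTime is at most 15 seconds.
# An unset directive counts as a failure, since the compiled-in defaults
# are looser than these values. Commented-out lines are ignored.
check_sshd_config() {
    awk '
        BEGIN { bad = 0; tries = ""; grace = "" }
        $1 ~ /^#/ { next }
        tolower($1) == "maxauthtries"   { tries = $2 }
        tolower($1) == "logingracetime" { grace = $2 }   # "15" or "15s"; +0 strips the suffix
        END {
            if (tries == "" || tries + 0 > 2) {
                print "MaxAuthTries unset or above 2"; bad = 1
            }
            if (grace == "" || grace + 0 > 15) {
                print "LoginGraceTime unset or above 15"; bad = 1
            }
            exit bad
        }'
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | failed_by_ip
printf 'MaxAuthTries 2\nLoginGraceTime 15\n' | check_sshd_config \
    && echo "sshd_config limits OK"
```

On the sample above, failed_by_ip reports three failures from 192.0.2.10 and one from 198.51.100.7; the successful public-key login is not counted. The config check reads only the two directives it cares about, so it is meant as a quick sanity check after editing sshd_config, not a replacement for sshd's own syntax test.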

If you have something to add, Fire Away!

Number of Comments so far: 6