Blog DavTar

April 30, 2007

SSH Brute Force Attacks

Filed under: System Administration — cygnl7 @ 10:52 am

I’ve had a lot of ssh brute force attacks on one of my machines lately. I have some log parsing that lets me know IPs so that I can actively block those IPs but that quickly became unmanageable. One step I’ve added in the defense of this type of attack I found at http://lists.netfilter.org/pipermail/netfilter/2005-June/060914.html.
It’s a simple yet effective way of detecting and dropping any connections from those that are trying to brute force their way in.

(more…)

Advertisements

Blog at WordPress.com.