[SDBUG] brute force ssh username search on my box
Kevin Stevens
groups at pursued-with.net
Tue Apr 21 22:09:43 PDT 2009
On Apr 21, 2009, at 21:58, J. Cordaro wrote:
> Hi,
> I'm using rootbsd's Omicron package ($40/mo for Xen sharded Xeon
> E5420 - not bad). The problem is I am getting hammered by ssh
> script kiddies. Based on this doc: http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins
> I've tweaked the sshdaemon and run a sweeper script to add the
> 'bad' ips to pf's block list. The questions are, 1) should the
> hosting service block all this junk for me? 2) Should I change the
> ssh port?
> Thanks,
> Jay
1) Not unless you want them to and are paying for the service.
2) My experience is it doesn't help much. I have ssh responding on
two ports at my location (one is to the firewall, one forwarded
through to a bastion server), and I get about equal hits all day long
on both service ports. (shrug)
Pick really strong passwords or use certs (better).
KeS
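
The sweeper approach mentioned in the question, as an added example (not code from this thread or from the linked wiki page): it counts failed sshd logins per source address and returns the addresses that cross a threshold, ready to be loaded into a pf block list. The log lines are constructed samples, and the threshold, allow list and function name are assumptions of this sketch.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of sshd's auth.log; all addresses
# come from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
Apr 21 21:40:01 box sshd[811]: Invalid user admin from 203.0.113.5
Apr 21 21:40:03 box sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2
Apr 21 21:40:09 box sshd[815]: Failed password for root from 203.0.113.5 port 4031 ssh2
Apr 21 21:41:12 box sshd[820]: Failed password for jay from 198.51.100.7 port 5122 ssh2
Apr 21 21:41:30 box sshd[822]: Accepted publickey for jay from 198.51.100.7 port 5123 ssh2
Apr 21 21:42:00 box sshd[830]: Invalid user x from 198.51.100.99 from 192.0.2.44
Apr 21 21:42:01 box sshd[830]: Invalid user y from 198.51.100.99 from 192.0.2.44
Apr 21 21:42:02 box sshd[830]: Invalid user z from 198.51.100.99 from 192.0.2.44
"""

# The user name is chosen by the remote side, so it can contain " from <ip>".
# The greedy ".*" plus the "$" anchor makes the LAST "from" win, which is the
# address sshd itself wrote, so a crafted name cannot get a third party blocked.
FAILURE = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed password for(?: invalid user)?) "
    r".* from (\S+)(?: port \d+(?: ssh2)?)?$"
)


def offenders(log_text, threshold=3, allow=()):
    """Return source IPs with at least `threshold` failed attempts, sorted."""
    allowed = {ipaddress.ip_address(a) for a in allow}
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # host name or junk: never feed it to a firewall table
        if ip not in allowed:  # keep your own addresses out of the block list
            hits[ip] += 1
    ranked = sorted(hits.items(), key=lambda kv: (kv[0].version, int(kv[0])))
    return [str(ip) for ip, count in ranked if count >= threshold]


if __name__ == "__main__":
    print("\n".join(offenders(SAMPLE_LOG)))  # one address per line
```
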