Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Counteroffensive help on bruteforce attacks on SSHD
From: "Andrew Poodle" <andrewp () IRW co uk>
Date: Fri, 29 Oct 2004 14:34:21 +0100

Hullo the list..

I have a box at home, running fedora core 1, behind a router, which I
use for serving some dev webpages, and some other miscelaneous stuff..

I'm seeing lots of ssh login attempts with user=root from two or three
IP addresses, after I blocked access at the firewall based on host.

Can anyone point me at some good resources where I can bone up and learn
more about counter-measures....  I'm not looking to take this guy out
(although would'nt be a bad thing).. But would be interesting to find
out more.



This document should only be read by those persons to whom it is addressed and is not intended to be relied upon by any 
person without subsequent written confirmation of its contents. 
Accordingly  IRW  Solutions Group Ltd  disclaim all responsibility and accept no liability (including in negligence) 
for the consequences for any person acting, or refraining from acting, on such information prior to the receipt by 
those persons of subsequent written confirmation. 

If you have received this e-mail message in error, please notify us immediately. 
Please also destroy and delete the message from your computer. 

Any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this 
e-mail message is strictly prohibited.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]