Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Weird SSH attack last night and this morning (still ongoing)
From: Blaine Fleming <groups () digital-z com>
Date: Wed, 07 May 2008 11:36:18 -0600
Gary Baribault wrote:
I don't know what is going on last night and this morning ... I have three Linux servers facing the Internet, two on cable modems and another on a static IP/commercial connection and this last one is a gateway to a Web/FTP/SMTP/Pop3/NTP Linux based system. 
<snip>
Is any one else seing this? or am I being targeted? This is still going on now .. and it started arround 10:00 last night GMT+4
I've had one system bouncing off of SSH on one of my servers for about a week now. I have fail2ban configured to drop them for six hours after five failed connects. The server in question is configured for key authentication only but they keep trying to submit a password anyway. The second the ban drops I see them connecting again. Other than that, I haven't seen anything bouncing off my servers repeatedly. Everything gets banned once and never comes back. 

--Blaine

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]