Brute-Force SSH Server Attacks Surge (InformationWeek) [LWN.net]

Brute-Force SSH Server Attacks Surge (InformationWeek)

Posted May 14, 2008 17:14 UTC (Wed) by leoc (subscriber, #39773)
Parent article: Brute-Force SSH Server Attacks Surge (InformationWeek)

I find changing the host port from the default to something else helps to reduce the incidence
of attempts.  If nothing else, it at least keeps the log files a little less jammed full of
entries that need to be reviewed.  You can add an entry to your personal ssh config file to
have it automatically use the alternative port without needing to specify it on the command
line.

(Log in to post comments)

Brute-Force SSH Server Attacks Surge (InformationWeek)

Posted May 14, 2008 17:23 UTC (Wed) by ikm (subscriber, #493) [Link]

I second that. Drops from thousands of attempts a day to zero. While it won't give too much
security in case of a deliberately planned attack on you, most of the attacks are just
automated scripts which check for root=root, lp=lp, etc, creating a mess in the logs.

Brute-Force SSH Server Attacks Surge (InformationWeek)

Posted May 15, 2008 15:02 UTC (Thu) by jhardin (guest, #3297) [Link]

In addition to changing the listen port on your system, put a TCP tarpit (e.g. LaBrea) on port
22.