which scans access-patterns to closed ports and reacts to it.
Distributed brute force ssh attacks
Posted Oct 24, 2009 19:51 UTC (Sat) by DG (subscriber, #16978)
Having to "Log into a firewall" seems much easier for them to grasp - there is no need for them to install any software or do anything 'new'.
Posted Oct 25, 2009 11:21 UTC (Sun) by oak (guest, #2786)
And then use a modified denyhosts to monitor failed ssh login attempts
from the IP addresses for which the firewall opened a port. Denyhosts
could then e.g. mail the IT admin when too many failed attempts are
noticed. They can then verify (e.g. by phone) that it's the user itself
failing to login (too many times) and not user or user's machine or home
network being compromised...
Posted Oct 25, 2009 14:41 UTC (Sun) by DG (subscriber, #16978)
Each to their own; I'm sure many solutions are better than one :)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds