[86694] in North American Network Operators' Group
Re: a record?
daemon@ATHENA.MIT.EDU (Jeroen Massar)
Mon Nov 14 17:49:51 2005
Date: Mon, 14 Nov 2005 23:49:19 +0100
From: Jeroen Massar <jeroen@unfix.org>
To: Randy Bush <randy@psg.com>
Cc: nanog@nanog.org
In-Reply-To: <17273.3258.590183.421801@roam.psg.com>
Errors-To: owner-nanog@merit.edu
Randy Bush wrote:
> for one host, 185,932 ssh dictionary password attacks in one gmt day
> (and, of course, password login is not enabled).
Partial "solution": rate limit ports to max X (5) new connects per X (60
secs) time.
Et tada, almost not to be seen any more.
Misc Linux-based example:
http://unfix.org/~jeroen/archive/rc.ratelimit
Also possible with your favorite BSD and other OS's...
Limiting port 25 also helps with those annoying bots around the net.
Other solution: disable IPv4 SSH and enable the IPv6 one, no scanning on
that plane ;)
Greets,
Jeroen
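A small model of the limit described in the message above (5 new connections per 60 seconds), replayed over constructed traffic to show what it does to a scanner and to a normal login pattern. This is an added example, not part of the original post and not the contents of rc.ratelimit; tracking the limit per source address, the class and function names, the sample addresses and the `count_dropped` option are assumptions made for illustration.

```python
from collections import defaultdict, deque

class NewConnLimiter:
    """Allow at most `hits` new connections per source in any `window` seconds."""
    def __init__(self, hits=5, window=60, count_dropped=False):
        self.hits, self.window = hits, window
        # If True, attempts that were dropped still count against the source,
        # so a source that keeps hammering never gets back under the limit.
        self.count_dropped = count_dropped
        self.seen = defaultdict(deque)  # src -> timestamps still inside the window

    def allow(self, src, now):
        q = self.seen[src]
        while q and now - q[0] >= self.window:  # forget attempts older than the window
            q.popleft()
        ok = len(q) < self.hits
        if ok or self.count_dropped:
            q.append(now)
        return ok

def replay(events, **limiter_args):
    """events: iterable of (timestamp_seconds, src). Returns {src: [accepted, dropped]}."""
    lim = NewConnLimiter(**limiter_args)
    out = defaultdict(lambda: [0, 0])
    for ts, src in sorted(events):
        out[src][0 if lim.allow(src, ts) else 1] += 1
    return dict(out)

# Constructed traffic for one hour (RFC 5737 documentation addresses):
# a scanner opening 2 connections per second and an admin logging in every 10 minutes.
SCANNER, ADMIN = "192.0.2.66", "198.51.100.7"
EVENTS = [(t / 2, SCANNER) for t in range(7200)] + \
         [(t, ADMIN) for t in range(0, 3600, 600)]

if __name__ == "__main__":
    for mode in (False, True):
        print("count_dropped =", mode, replay(EVENTS, count_dropped=mode))
```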