[86696] in North American Network Operators' Group
Re: a record?
daemon@ATHENA.MIT.EDU (Peter Dambier)
Mon Nov 14 18:01:42 2005
Date: Tue, 15 Nov 2005 00:01:00 +0100
From: Peter Dambier <peter@peter-dambier.de>
Reply-To: peter@peter-dambier.de
To: Randy Bush <randy@psg.com>
Cc: nanog@nanog.org
In-Reply-To: <17273.3258.590183.421801@roam.psg.com>
Errors-To: owner-nanog@merit.edu
Randy Bush wrote:
> for one host, 185,932 ssh dictionary password attacks in one gmt day
> (and, of course, password login is not enabled).
>
> randy
>
I guess it is.
Must be a high performing system :)
I have seen many attacks on DSL 1000 MBit and 2000 MBit hosts.
Attacks typically lasted 10 minutes. No more than 10 attacks a day.
I did not count the passwords - I guess it must have been 250 each.
Getting rid of them:
Starting sshd from xinetd or inetd. If you have an ol' 386 like me
they have already wasted their wordbook before your sshd comes up.
Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?
Seen no more wordbooks since. Had to by me a dictonary :)
I would not dare enabling logins on your system.
Kind regards
Peter and Karin
--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@peter-dambier.de
mail: peter@echnaton.serveftp.com
http://iason.site.voila.fr
http://www.kokoom.com/iason
