Posted: 8/15/2005 11:49:33 PM EDT
They're really getting out of hand. Is everyone else seeing these constant scans?
Link Posted: 8/16/2005 8:05:24 AM EDT
[#1]
Attacking where?

A real Brute Force takes a lot of resources (otherwise it ends up taking a very long time).
Link Posted: 8/16/2005 9:23:55 AM EDT
[#2]
Haven't checked lately... I have the hosts.allow file only accepting IPs from my work computer and that's it. hosts.deny is denying all IP addresses.
Link Posted: 8/16/2005 9:24:46 AM EDT
[#3]
webhostinggear

has some good info on securing Linux servers
Link Posted: 8/16/2005 10:58:33 AM EDT
[#4]
The attack tries a few thousand login/passwords, looking for weak accounts:

Aug 15 09:49:06 localhost sshd[11162]: Failed password for invalid user unicorn123 from ::ffff:202.222.28.85 port 55650 ssh2
Aug 15 09:49:07 localhost sshd[11164]: Invalid user a from ::ffff:202.222.28.85
Aug 15 09:49:10 localhost sshd[11164]: Failed password for invalid user a from ::ffff:202.222.28.85 port 56027 ssh2
Aug 15 09:49:11 localhost sshd[11166]: Invalid user unix from ::ffff:202.222.28.85
Aug 15 09:49:13 localhost sshd[11166]: Failed password for invalid user unix from ::ffff:202.222.28.85 port 56408 ssh2
Aug 15 09:49:14 localhost sshd[11168]: Invalid user unix123 from ::ffff:202.222.28.85
Aug 15 09:49:17 localhost sshd[11168]: Failed password for invalid user unix123 from ::ffff:202.222.28.85 port 56791 ssh2
Aug 15 09:49:18 localhost sshd[11170]: Invalid user a from ::ffff:202.222.28.85
Aug 15 09:49:20 localhost sshd[11170]: Failed password for invalid user a from ::ffff:202.222.28.85 port 57152 ssh2


Yadda yadda yadda. I've been seeing 5-10 attacks from new IPs per day, every one running through a list of accounts. This IP tried over 3,000 logins, 2-3 seconds apart. It seems to pick up new weak accounts from /etc/passwd on the machines it exploits, adding them to the list of new accounts to try. Most of the attacks seem to come from overseas.

You're fine as long as your passwords are strong, but it could pretty easily escalate to a denial of service if this keeps spreading.
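An added example, not part of the post above: a small detector that reads sshd lines in the format quoted in the post and flags source IPs with repeated failed logins inside a short window. The function names, the threshold of 5 failures in 60 seconds, the year passed to the parser (syslog lines carry none) and the two `alice` lines from 192.0.2.10 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the first six lines are from the post above; the last two are
# constructed (192.0.2.10 is a documentation address) to show a benign source.
SAMPLE_LOG = """\
Aug 15 09:49:06 localhost sshd[11162]: Failed password for invalid user unicorn123 from ::ffff:202.222.28.85 port 55650 ssh2
Aug 15 09:49:07 localhost sshd[11164]: Invalid user a from ::ffff:202.222.28.85
Aug 15 09:49:10 localhost sshd[11164]: Failed password for invalid user a from ::ffff:202.222.28.85 port 56027 ssh2
Aug 15 09:49:13 localhost sshd[11166]: Failed password for invalid user unix from ::ffff:202.222.28.85 port 56408 ssh2
Aug 15 09:49:17 localhost sshd[11168]: Failed password for invalid user unix123 from ::ffff:202.222.28.85 port 56791 ssh2
Aug 15 09:49:20 localhost sshd[11170]: Failed password for invalid user a from ::ffff:202.222.28.85 port 57152 ssh2
Aug 15 09:52:41 localhost sshd[11201]: Failed password for alice from ::ffff:192.0.2.10 port 40112 ssh2
Aug 15 09:52:49 localhost sshd[11201]: Accepted password for alice from ::ffff:192.0.2.10 port 40112 ssh2
"""

# Matches only "Failed password" lines; strips the IPv4-mapped ::ffff: prefix.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?:::ffff:)?(?P<ip>\S+) port \d+")

def parse_failures(text, year=2005):
    """Yield (timestamp, ip, user) for each 'Failed password' line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def find_guessers(text, max_failures=5, window=timedelta(seconds=60)):
    """Return {ip: usernames tried} for IPs with max_failures in one window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= max_failures:
                flagged[ip] = {u for _, u in events}
                break
    return flagged

if __name__ == "__main__":
    print(find_guessers(SAMPLE_LOG))
```

The single mistyped password from 192.0.2.10 stays under the threshold, while the source cycling through usernames every few seconds is flagged along with the account names it tried.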