[ale] 300,000 failed login attempts in 6 months!!!
James Taylor
James.Taylor at eastcobbgroup.com
Tue Aug 19 20:08:16 EDT 2008
I assume "the attackers" is a bunch of stupid bots looking for standard ports.
I don't expect to defend against a targeted attack, I'm just trying to keep my log files from consuming all my disk space with failed login attempts.
So far it's been 100% effective for that purpose.
On a slightly tangential note, I've had similar results by fronting my spamserver with sqlgrey.
I got rid 80-90% of the messages my spam filter would have otherwise have had to process.
I like getting rid of 80% of my problems with an easy fix. Then I can focus more time on dealing with which of the 20% that require more effort.
-jt
James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com
>>> "Michael B. Trausch" <mike at trausch.us> 8/19/2008 05:44 PM >>>
On Tue, 2008-08-19 at 12:12 -0400, Jim Popovitch wrote:
> New? No. SSH brute force attempts are not new. You, as a target,
> might be new. ;-)
>
> Save yourself some trouble and run SSHD on a non-standard port.
I keep seeing this said over and over again, and I keep wondering: Are
the attackers _really_ that stupid? Wouldn't a simple portscan prior to
attempting to attack get rid of any benefit that this would provide?
--- Mike
--
My sigfile ran away and is on hiatus.
More information about the Ale
mailing list