[CLUE-Tech] Brute force attack from host 208.188.115.21
Adam Bultman
adamb at glaven.org
Wed Aug 4 15:09:49 MDT 2004
William wrote:
>--- Adam Bultman <adamb at glaven.org> wrote:
>
>
>>My question to you: Since you are all in Denver, (where my machines
>>are), have you been noticing the same attacks on your system? I'm not
>>saying the SSH scans in general, but rather, the dedicated act of
>>attempting to test passwords for the root account.
>>
>>
>
>Nope. However, SSH access to my servers is regulated at my firewalls to SMALL, specific IP
>ranges. I see no value in allowing "the whole internet" access to my logon services (I open
>strictly-controlled IP ranges for each client that I host for). :)
>
>
>
Unfortunately, the people connecting are widespread enough to make
limitations of that sort a total nightmare - I'd either have to allow
massive netblocks through or risk spending most of my day adding new
firewall rules for each person that tries to connect from home, from
another network, etc.
I don't worry about normal SSH scans - those are normal, and the lion's
share of my network is behind the firewall - but it annoys, and worries
me when you get hosts launching these attacks - especially since there's
more than one netblock being attacked - not just mine. There are too
many people out there with unpatched systems.
Regardless, I'm contacting the ISP and blocking that IP - let's hope
that user isn't a DSL user and gets a new ip...
Adam
>=====
>William Kimball, Jr.
>"Programming is an art form that fights back!" =)
>
>
>
>__________________________________
>Do you Yahoo!?
>Yahoo! Mail Address AutoComplete - You start. We finish.
>http://promotions.yahoo.com/new_mail
>_______________________________________________
>CLUE-Tech mailing list
>Post messages to: CLUE-Tech at clue.denver.co.us
>Unsubscribe or manage your options: http://clue.denver.co.us/mailman/listinfo/clue-tech
>
>
More information about the clue-tech
mailing list