[CLUE-Tech] Brute force attack from host 208.188.115.21
David Anselmi
anselmi at anselmi.us
Wed Aug 4 19:25:17 MDT 2004
Adam Bultman wrote:
> This morning, I tended to my logs like normal to find that the above
> host has been attempting to bruce force passwords on my network.
[...]
> My question to you: Since you are all in Denver, (where my machines
> are), have you been noticing the same attacks on your system? I'm not
> saying the SSH scans in general, but rather, the dedicated act of
> attempting to test passwords for the root account.
No, just some mild scanning for test and guest accounts.
You can (should?) have root logins disabled in ssh. For accounts you
want to log in you can disable passwords and force the use of a public
key method. Those should be a little harder to brute force.
Dave
More information about the clue-tech
mailing list