[lug] DOS ssh attacks

Todd todd at shredsnow.com
Sat Jan 10 09:29:55 MST 2009


On Sat, Jan 10, 2009 at 8:04 AM, Rob Nagler <nagler at bivio.biz> wrote:

> We've been under heavy attack the last 24 hours. The only annoyance is
> that all the ssh connections are sucked up for a period of time so we
> can't get in via certain machines' public interfaces.  Blocking the
> addresses in iptables fixes the problem.
>
> This seems to be localized to our ViaWest hosts.  Our FRII rack is
> always available.
>
> Is anybody else experiencing this type of attack (see log entries
> appended) right now?
>
> Another question is: any tricks we can use to slow down requests to
> ssh so we don't get locked out?
>
> Thanks,
> Rob
>
> ----------------------------------------------------------------
> Jan 10 08:53:37 host1 sshd(pam_unix)[28289]: check pass; user unknown
> Jan 10 08:53:37 host1 sshd(pam_unix)[28289]: authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=217.219.159.13
>


Rob,

You can lock down access to port 22 from only select IPs via iptables or set
up something like BFD:

http://www.rfxnetworks.com/bfd.php

GL.

- Todd
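
The log-driven blocking suggested in the reply above, sketched as an added example (not part of the original message, and not BFD's own code): it counts sshd pam_unix authentication failures per `rhost` and prints, without running them, iptables rules for the noisy sources. The threshold, the allowlisted address and the sample log lines are constructed assumptions; the log format is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: count sshd pam_unix authentication failures per source
# address and print (not execute) iptables rules for the noisy ones.

THRESHOLD=${THRESHOLD:-3}        # failures before a host is listed (assumed value)
ALLOW=${ALLOW:-"198.51.100.7"}   # space-separated admin addresses never blocked (constructed)

# Read syslog lines on stdin; print "count rhost" for hosts at or over THRESHOLD.
failed_rhosts() {
    awk -v min="$THRESHOLD" '
        /sshd\(pam_unix\)/ && /authentication failure/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^rhost=/) {
                    host = substr($i, 7)
                    # Accept only dotted-quad IPv4 so log content cannot
                    # inject text into a rule; hostnames are skipped.
                    if (host ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[host]++
                }
        }
        END { for (h in n) if (n[h] >= min) print n[h], h }
    ' | sort -k1,1nr -k2,2
}

# Turn the report into iptables commands, skipping allowlisted addresses
# so that an admin's own failed logins cannot lock the admin out.
block_rules() {
    failed_rhosts | while read -r count host; do
        case " $ALLOW " in *" $host "*) continue ;; esac
        echo "iptables -I INPUT -s $host -p tcp --dport 22 -j DROP"
    done
}

# Constructed sample log (documentation-range addresses), one entry per line.
sample_log() {
    for i in 1 2 3 4; do
        echo "Jan 10 08:53:3$i host1 sshd(pam_unix)[2828$i]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.13"
    done
    for i in 1 2 3; do
        echo "Jan 10 08:54:0$i host1 sshd(pam_unix)[2830$i]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7"
    done
    echo "Jan 10 08:55:00 host1 sshd(pam_unix)[28400]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.9"
    echo "Jan 10 08:55:01 host1 sshd(pam_unix)[28401]: check pass; user unknown"
}

sample_log | block_rules
```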