Date: Tue, 08 Dec 2009 01:09:03 +0100 From: martinko <gamato@users.sf.net> To: freebsd-security@freebsd.org Subject: Re: Increase in SSH attacks as of announcement of rtld bug Message-ID: <hfk5ev$2cu$1@ger.gmane.org> In-Reply-To: <20091202090707.f563976d.wmoran@collaborativefusion.com> References: <200912010120.nB11Kjm9087476@freefall.freebsd.org> <200912010522.WAA03022@lariat.net> <200912011724.KAA10851@lariat.net> <200912011909.nB1J9JRM070879@lava.sentex.ca> <200912020145.SAA17523@lariat.net> <200912020150.nB21ossm072930@lava.sentex.ca> <4B1662BB.8000908@gmail.com> <200912021324.nB2DOc58001138@lava.sentex.ca> <20091202090707.f563976d.wmoran@collaborativefusion.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Bill Moran wrote: > In response to Mike Tancsa <mike@sentex.net>: >> Yes, thats the latest pattern I have been seeing-- distributed, slow >> and coordinated. Here is a sample from one of my honeypots. The >> only way to deal with them I found is to have multiple sensors >> throughout my network and aggregate the data. Otherwise, each IP >> only appears every few hrs in the logs. > > I deal with it by immediately blocking any host that generates an > "invalid user" error. > > Of course, that won't work for everyone :( > and if it's just a typo on user part ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hfk5ev$2cu$1>