Date: Sat, 18 Sep 2004 14:32:50 +0200 From: Patrick Proniewski <patpro@patpro.net> To: Willem Jan Withagen <wjw@withagen.nl>, Liste FreeBSD-security <freebsd-security@FreeBSD.ORG> Subject: Re: Attacks on ssh port Message-ID: <DAE96C6F-096E-11D9-AE98-000D93B1A412@patpro.net> In-Reply-To: <414C2798.7060509@withagen.nl> References: <414C2798.7060509@withagen.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 18 sept. 2004, at 14:18, Willem Jan Withagen wrote: > Hi, > > Is there a security problem with ssh that I've missed??? > Ik keep getting these hords of: Failed password for root from > 69.242.5.195 port 39239 ssh2 > with all kinds of different source addresses. > > They have a shot or 15 and then they are of again, but a little later > on they're back and keep clogging my logs. > Is there a "easy" way of getting these ip-numbers added to the > blocking-list of ipfw?? not a ssh related problem, it's just a brute force attack, I'm experiencing this on every servers I have, more than 10 times a day. I'm really thinking about releasing the list of attackers IP to the public. As far as I know, it's a pack of compromised machines. patpro
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DAE96C6F-096E-11D9-AE98-000D93B1A412>