From: "Devon H. O'Dell"
To: Martin McCormick
Cc: freebsd-security@freebsd.org
Date: Wed, 6 Apr 2005 17:58:56 +0200
Subject: Re: What is this Very Stupid DOS Attack Script?
Message-ID: <20050406155856.GA43436@smp500.sitetronics.com>
In-Reply-To: <200504061549.j36Fn8Y5082507@dc.cis.okstate.edu>

On Wed, Apr 06, 2005 at 10:49:08AM -0500, Martin McCormick wrote:
> We have been noticing flurries of sshd reject messages in
> which some system out there in the hinterlands hits us with a flood of
> ssh login attempts. An example:

[snip]

If you search Google, you'll see many recent similar threads on both
this and other mailing lists. Perhaps the most interesting is one
recently on the DragonFly BSD users list, in which there were several
scripts / applications written to analyze the logs and add IPFW / PF
rules blocking these connections.

It's simply a brute force kiddy script. No harm. Or, shouldn't be if
you don't use silly passwords ;) The script simply tries user:user
combinations.

--Devon
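
The reply above mentions scripts that analyze the logs and add IPFW / PF rules. One way such a script can work for PF, as an added example that is not part of the original post and not one of the scripts from the DragonFly BSD list: it counts failed sshd logins per source inside a sliding window and prints `pfctl` table insertions for the sources that exceed a threshold. The log line layout, the threshold, the window, the assumed year and the table name `sshflood` are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The username is remote-controlled text, so the address is taken from the
# end of the line; "from X port" inside a username is then never matched.
# The address charset is restricted so nothing else reaches the pfctl command.
FAILED = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\sFailed password for "
    r"(?:(?:invalid|illegal) user )?(.*) from ([0-9A-Fa-f:.]+) port \d+(?: ssh\d)?$"
)

def parse_failures(lines, year=2005):
    """Yield (time, user, ip); syslog omits the year, so one is assumed."""
    for line in lines:
        m = FAILED.match(line.rstrip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def find_flurries(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each source with >= threshold failures in one window to the names tried."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(lines):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window start forward
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged

def pf_commands(flagged, table="sshflood"):
    """One pfctl table insertion per flagged source (table name is hypothetical)."""
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(flagged)]

# Constructed log lines; addresses are from the documentation ranges.
SAMPLE = [
    f"Apr  6 10:41:{2 * i:02d} host sshd[{4100 + i}]: Failed password for "
    f"illegal user {u} from 192.0.2.10 port {40100 + i} ssh2"
    for i, u in enumerate(["test", "guest", "admin", "oracle", "mysql", "www"])
] + [
    "Apr  6 10:43:10 host sshd[4201]: Failed password for martin from 198.51.100.7 port 51515 ssh2",
    "Apr  6 10:43:31 host sshd[4202]: Accepted password for martin from 198.51.100.7 port 51516 ssh2",
]

if __name__ == "__main__":
    print("\n".join(pf_commands(find_flurries(SAMPLE))))
```

The commands only fill a table; a PF ruleset still needs a rule that blocks traffic from that table for the entries to have any effect.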