[geeks] SSH Scans Increasing
Mike Hebel
nimitz at nimitzbrood.com
Thu Aug 21 06:59:55 CDT 2008
A talking watermelon whispered a message to me from: Phil Stracchino
> Jonathan C. Patschke wrote:
>> Has anyone else seen a very sharp increase in the number of SSH scans
>> since this weekend?
>>
>> I have a program running out of cron that looks for break-ins and
>> updates
>> my /etc/pf.conf automagically. It mails me when it adds a new host to
>> the
>> list. I used to get 2 - 3 per week, but now I see 20 - 30 per day.
>
> I haven't seen it. But then, I got so sick of ssh-dictionary-scanning
> scriptkiddies filling up my logs day after day, week after week, month
> after month, and have so few non-local users, that I implemented a
> whitelist-only pf rule for SSH and FTP connections.
>
> Currently I'm pondering the best means to allow users with existing
> accounts and known SSH keys to remotely authorize new IPs for themselves.
I just moved my SSH port up into the stratosphere and had done with it.
*knocks on wood* I haven't seen an SSH scan since.
--
Mike Hebel
There's no point in being grown up if you can't be childish sometimes.
-- Dr. Who
More information about the geeks
mailing list