
[ale] 300,000 failed login attempts in 6 months!!!



Greg Freemyer wrote:
> I don't want to restrict access to private/public key authentication,
> but other than continuing to use strong passwords, is there something
> else I should be doing to slow down the onslaught?

In sshd_config you could use MaxStartups to slow down the onslaught.

Specifies the maximum number of concurrent unauthenticated connections
to the SSH daemon.  Additional connections will be dropped until
authentication succeeds or the LoginGraceTime expires for a connection.
The default is 10.  Alternatively, random early drop can be enabled by
specifying the three colon separated values "start:rate:full" (e.g.
"10:30:60").  sshd(8) will refuse connection attempts with a probability
of "rate/100" (30%) if there are currently "start" (10) unauthenticated
connections.  The probability increases linearly and all connection
attempts are refused if the number of unauthenticated connections
reaches "full" (60).

I personally use DenyHosts [0] to deal with the problem.

[0] http://denyhosts.sourceforge.net/

-Brian
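
The MaxStartups rule quoted above, modelled as an added example that is not part of the original message and is not sshd's own code. The function names, the validation limits and the rounding down to whole percent are assumptions made for the illustration.

```python
# Added example: models the "start:rate:full" refusal rule from the
# sshd_config text quoted above. Names are hypothetical, not sshd's.

def parse_max_startups(value):
    """Parse 'N' or 'start:rate:full' into (start, rate, full)."""
    parts = value.strip().split(":")
    if len(parts) == 1:
        # Single value: a hard limit with no random early drop.
        start, rate, full = int(parts[0]), 100, int(parts[0])
    elif len(parts) == 3:
        start, rate, full = (int(p) for p in parts)
    else:
        raise ValueError("expected N or start:rate:full")
    # Assumed sanity limits for this model.
    if not (0 < start <= full and 1 <= rate <= 100):
        raise ValueError("need 0 < start <= full and 1 <= rate <= 100")
    return start, rate, full


def refusal_percent(value, unauthenticated):
    """Chance (whole percent, rounded down) that a new connection is
    refused while `unauthenticated` connections are still pending."""
    start, rate, full = parse_max_startups(value)
    if unauthenticated < start:
        return 0            # below "start": nothing is refused
    if unauthenticated >= full or rate == 100:
        return 100          # at "full": everything is refused
    # Linear increase from rate% at "start" to 100% at "full".
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)


if __name__ == "__main__":
    setting = "10:30:60"    # the example value from the quoted text
    print("MaxStartups", setting)
    for pending in (5, 10, 20, 35, 50, 59, 60):
        print(f"  {pending:3d} pending -> "
              f"{refusal_percent(setting, pending):3d}% refused")
```

Running it prints the refusal chance at several pending-connection counts, which makes it easier to pick start and full values that throttle a scanner without locking out legitimate logins.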