[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] 300,000 failed login attempts in 6 months!!!

Subject: [ale] 300,000 failed login attempts in 6 months!!!
From: meuon at geeklabs.com (Mike Harrison)
Date: Tue, 19 Aug 2008 19:05:15 -0400 (EDT)
In-reply-to: <1219182293.25674.0.camel@zest>
References: <003301c90200$e959c5c0$0301000a@S0030153310> <[email protected]> <1219182293.25674.0.camel@zest>

>> Save yourself some trouble and run SSHD on a non-standard port.
>
> I keep seeing this said over and over again, and I keep wondering:  Are
> the attackers _really_ that stupid?  Wouldn't a simple portscan prior to
> attempting to attack get rid of any benefit that this would provide?

Like I said before, it's not any more secure,
it just cuts down the background noise level.

A directed attack will scan you.. possibly over hours or weeks.
and knows a lot about your system.

A default SSH answers like this:

-----------------------------------
#telnet foo.com 6969
Trying 14.205.139.1...
Connected to foo.com
Escape character is '^]'.
SSH-2.0-OpenSSH_4.6p1
-----------------------------------

Pretty easy to find a simply moved SSH port.

But it WILL cut down the background noise of various stupid
scanner bots knocking on your doors.

References:
- [ale] 300,000 failed login attempts in 6 months!!!
  - From: reggie at busicast.com (Reggie Euser)
- [ale] 300,000 failed login attempts in 6 months!!!
  - From: yahoo at jimpop.com (Jim Popovitch)
- [ale] 300,000 failed login attempts in 6 months!!!
  - From: mike at trausch.us (Michael B. Trausch)

Prev by Date: [ale] 300,000 failed login attempts in 6 months!!!
Next by Date: [ale] 300,000 failed login attempts in 6 months!!!
Previous by thread: [ale] 300,000 failed login attempts in 6 months!!!
Next by thread: [ale] 300,000 failed login attempts in 6 months!!!
Index(es):
- Date
- Thread