North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: a record?

  • From: Peter Dambier
  • Date: Mon Nov 14 18:03:42 2005

Randy Bush wrote:
for one host, 185,932 ssh dictionary password attacks in one gmt day
(and, of course, password login is not enabled).


I guess it is.

Must be a high performing system :)

I have seen many attacks on DSL 1000 MBit and 2000 MBit hosts.
Attacks typically lasted 10 minutes. No more than 10 attacks a day.
I did not count the passwords - I guess it must have been 250 each.

Getting rid of them:

Starting sshd from xinetd or inetd. If you have an ol' 386 like me
they have already wasted their wordbook before your sshd comes up.

Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?

Seen no more wordbooks since. Had to by me a dictonary :)

I would not dare enabling logins on your system.

Kind regards
Peter and Karin

Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP:
mail: [email protected]
mail: [email protected]