North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Customer-facing ACLs

  • From: Dave Pooser
  • Date: Sat Mar 08 02:12:01 2008

> Port 22 outbound? And 23?  Telnet and SSH _outbound_ cause that much of a
> concern? I can only assume it's to stop clients exploited boxen being used
> to anonymise further telnet/ssh attempts - but have to admit this
> discussion is the first i've heard of it being done 'en masse'.

On one test machine that I leave SSH unfirewalled on, I'll see 200-4000 SSH
login attempts per day, trying to brute force it. Lets see, this morning in
an eight-minute span from one IP in Aruba 100 attempts for root; other
usernames attempted include admin, staff, sales, office, alias, stud (!),
trash, guest, test, oracle, a few personal names, apache, svn, iraf, swsoft,
gast, sirsi and nagios. And this is a relatively slow day.

Telnet I wouldn't know about, but I'm told bots will try to force it as
Dave Pooser, ACSA
Manager of Information Services
Alford Media