North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Customer-facing ACLs
> Port 22 outbound? And 23? Telnet and SSH _outbound_ cause that much of a > concern? I can only assume it's to stop clients exploited boxen being used > to anonymise further telnet/ssh attempts - but have to admit this > discussion is the first i've heard of it being done 'en masse'. On one test machine that I leave SSH unfirewalled on, I'll see 200-4000 SSH login attempts per day, trying to brute force it. Lets see, this morning in an eight-minute span from one IP in Aruba 100 attempts for root; other usernames attempted include admin, staff, sales, office, alias, stud (!), trash, guest, test, oracle, a few personal names, apache, svn, iraf, swsoft, gast, sirsi and nagios. And this is a relatively slow day. Telnet I wouldn't know about, but I'm told bots will try to force it as well. -- Dave Pooser, ACSA Manager of Information Services Alford Media http://www.alfordmedia.com
|