Distributed SSH attack
David Xu
davidxu at freebsd.org
Fri Apr 16 08:39:56 UTC 2010
Jeremy Lea wrote:
> Hi,
>
> This is off topic to this list, but I don't want to subscribe to -chat
> just to post there... Someone is currently running a distributed SSH
> attack against one of my boxes - one attempted login for root every
> minute or so for the last 48 hours. They won't get anywhere, since the
> box in question has no root password, and doesn't allow root logins via
> SSH anyway...
>
> But I was wondering if there were any security researchers out there
> that might be interested in the +-800 IPs I've collected from the
> botnet? The resolvable hostnames mostly appear to be in Eastern Europe
> and South America - I haven't spotted any that might be 'findable' to
> get the botnet software.
>
> I could switch out the machine for a honeypot in a VM or a jail, by
> moving the host to a new IP, and if you can think of a way of allowing
> the next login to succeed with any password, then you could try to see
> what they delivered... But I don't have a lot of time to help.
>
> Regards,
> -Jeremy
>
Try to change SSH port to something other than default port 22,
I always did this for my machines, e.g., change them to 13579 :-)
Regards,
David Xu
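
The pattern described in the quoted message (many sources, each trying root only occasionally) stays under any per-address failure threshold, so it only shows up when failures are grouped by target account. The following is an added example, not part of either message: the log lines are constructed, use documentation address ranges, and follow the OpenSSH "Failed password" format, and the thresholds `min_sources` and `per_ip_limit` are assumptions to tune.

```python
import re
from collections import defaultdict

# Matches OpenSSH "Failed password" lines, with or without "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def failures_by_user(lines):
    """Return {user: {source_ip: failed_attempt_count}}."""
    table = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAILED.search(line)
        if m:
            table[m["user"]][m["ip"]] += 1
    return table

def distributed_targets(lines, min_sources=5, per_ip_limit=3):
    """Accounts hit from many sources that each stay at or under per_ip_limit.

    A per-address lockout never fires for such sources, so the campaign is
    only visible when failures are grouped by account instead of by address.
    """
    report = {}
    for user, sources in failures_by_user(lines).items():
        quiet = [ip for ip, n in sources.items() if n <= per_ip_limit]
        if len(quiet) >= min_sources:
            report[user] = {"sources": len(sources),
                            "attempts": sum(sources.values()),
                            "under_limit": len(quiet)}
    return report

def build_sample():
    """Constructed log: 8 sources rotate one root attempt per minute for
    16 minutes, plus one noisy single-source guesser and one valid login."""
    lines = []
    for minute in range(16):
        ip = f"192.0.2.{10 + minute % 8}"
        lines.append(f"Apr 16 08:{minute:02d}:07 box sshd[{4000 + minute}]: "
                     f"Failed password for root from {ip} port 40000 ssh2")
    for i in range(6):
        lines.append(f"Apr 16 08:20:{i:02d} box sshd[{5000 + i}]: Failed "
                     "password for invalid user admin from 198.51.100.7 "
                     "port 41000 ssh2")
    lines.append("Apr 16 08:21:00 box sshd[5100]: Accepted publickey for "
                 "alice from 203.0.113.5 port 42000 ssh2")
    return lines

if __name__ == "__main__":
    print(distributed_targets(build_sample()))
```

On the constructed sample only `root` is reported: the single address guessing `admin` six times is the case a per-address limit already handles.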