For past few weeks I have noticed increased attempts to connect to my box through ssh. Has anyone else noticed it before? Its averaging at over 150 per day. - Asit.
On Wed, Oct 13, 2004 at 10:41:10AM +0530, Asit Vadhavkar wrote:
We've been noticing this for several weeks. Unfortunately, it's "normal". Ignore it. Make sure your passwords are secure. Don't allow root login over ssh. Restrict access by IP ranges if you can. Put your ssh daemon on a non-standard port if that floats your boat. Use key access instead of passwords if you can get away with it.
150/day is a hell of a lot, though. My peak has been about 15/day.
Morning Asit,
Good to have this info from you. Can you please run a sniffer(snort) on your n/w and let us know if you see anything else suspicious.
Also, check for any later versions of SSH available and pls upgrade the same to prevent maliciouc code being executed and privelege entry gained.
===== |------|____________________________________|------| ( >- / Scaling FreeSoftware & OpenSource \ -< ) /~\ / In the Enterprise \ /~\ | ) \ | | | / (/ | |_|_ ____________________________________/ _|_|
_______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today!
Asit Vadhavkar wrote:
Yes I too see it one 3 - 4 boxes of mine. They are trying the default users.
Better to put firewall on who can connect to port 22 or configure ssh to allow only few users from trusted hosts. If you login from dialup then you might need to think of different attribute.
Regards Rakesh