From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-security-return-1471-arch-gentoo-security=gentoo.org@lists.gentoo.org>
Received: (qmail 20960 invoked from network); 7 Nov 2004 13:38:01 +0000
Received: from smtp.gentoo.org (156.56.111.197)
  by lists.gentoo.org with AES256-SHA encrypted SMTP; 7 Nov 2004 13:38:01 +0000
Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org)
	by smtp.gentoo.org with esmtp (Exim 4.41)
	id 1CQnF3-0006Lg-0d
	for arch-gentoo-security@lists.gentoo.org; Sun, 07 Nov 2004 13:38:01 +0000
Received: (qmail 1973 invoked by uid 89); 7 Nov 2004 13:37:39 +0000
Mailing-List: contact gentoo-security-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-security@gentoo.org>
List-Help: <mailto:gentoo-security-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-security-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-security-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-security.gentoo.org>
X-BeenThere: gentoo-security@gentoo.org
Received: (qmail 10863 invoked from network); 7 Nov 2004 13:37:39 +0000
Message-ID: <418E251F.20201@mega.ist.utl.pt>
Date: Sun, 07 Nov 2004 13:37:35 +0000
From: Rui Covelo <rpfc@mega.ist.utl.pt>
Organization: Instituto Superior =?ISO-8859-1?Q?T=E9cnico?=
User-Agent: Mozilla Thunderbird 0.8 (X11/20040913)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Brian G. Peterson" <brian@braverock.com>
CC:  gentoo-security@lists.gentoo.org
References: <418D310B.6050106@ahsoftware.de> <20041106193125.A24826@netdirect.ca> <200411070710.21431.brian@braverock.com>
In-Reply-To: <200411070710.21431.brian@braverock.com>
X-Enigmail-Version: 0.86.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 07 Nov 2004 13:37:37.0935 (UTC) FILETIME=[F23911F0:01C4C4CE]
Subject: Re: [gentoo-security] help blocking automated ssh scanning attack
 script
X-Archives-Salt: 451fc0d8-c421-4b3d-90a7-d6c50f4ffd98
X-Archives-Hash: 98386ce1da37aef345b56a0f4ca1c65d

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




Yes, this has been discussed in this mailing list some months ago. I
just don't thing there's any reason to become paranoid unless you
administer a box with lots of "dumb users". Because "dumb users" usualy
choose "dumb passwords", you'll proabably have to educate them or force
them to user better passwords.

Myself, I just use strong passwords and a different ssh port just to
keep my logs clean.





Brian G. Peterson wrote:
| I've noticed over the last few months that ssh attack scanning scripts
have
| been proliferating.  The scripts attack using a common set of
usernames with
| weak password combinations, and result in a long line of log entries like:
(...)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBjiUdfLPhlaxNQk0RAmLXAJ9f4s2bY7iJwMZlxS7F22HaHPQCmQCfddTX
38i7v9jwwcOnpgwLMP2FZmk=
=Gr67
-----END PGP SIGNATURE-----

--
gentoo-security@gentoo.org mailing list