[Denyhosts-user] "Received disconnect" how to block them?

Fri, 18 Jan 2013 00:48:42 -0800 

Hi,


I receive allot of "Received disconnect from SOME_IP_HERE: 11: Bye Bye"

I was wondering how i can block this type of ssh attacks?
Other attackers that use a User Name get successfully blocked. But not This
type of attacks.

In my Logwatch i see

 --------------------- Denyhosts Begin ------------------------

 new denied hosts: 61.19.53.82,136.187.116.100

 ---------------------- Denyhosts End -------------------------

  --------------------- SSHD Begin ------------------------

Received disconnect:
    11: Bye Bye : 293 Time(s)
    11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) : 2 Time(s)
    11: disconnected by user : 1 Time(s)

 Refused incoming connections:
       136.187.116.100 (136.187.116.100): 1 Time(s)
       61.19.53.82 (61.19.53.82): 1 Time(s)

**Unmatched Entries**
 reverse mapping checking getaddrinfo for 218-38-12-69.youiwe.co.kr [*
218.38.12.69*] failed - POSSIBLE BREAK-IN ATTEMPT! : *211 time(s)*

  ---------------------- SSHD End -------------------------

The attacker with 211 attempts did not get blocked.

It Should also not be a time problem.

First attack
Jan 17 18:10:49 nas1 sshd[25460]: Received disconnect from 218.38.12.69:
11: Bye Bye
Jan 17 18:10:52 nas1 sshd[25461]: reverse mapping checking getaddrinfo for
218-38-12-69.youiwe.co.kr [218.38.12.69] failed - POSSIBLE BREAK
-IN ATTEMPT!

Last Attack
Jan 17 18:20:04 nas1 sshd[26482]: Received disconnect from 218.38.12.69:
11: Bye Bye
Jan 17 18:20:14 nas1 sshd[26818]: Connection closed by 218.38.12.69



OS Centos 6.3
denyhosts-2.6-19.el6.noarch

My SSH Configuration is "ssh keys" only.
Password authentication is disabled.


Thank You.

------------------------------------------------------------------------------
Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122812
_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user

Reply via email to