...
> every day the system is on, I see people attempting to access the
> system via SSH from unknown, to it, IP addresses.

Like Mark Pace,  I see a CONSTANT stream of such break-in attempts.
Looks like they're trying a list of known usernames,  presumably with
accompanying known default passwords.   (I am not aware of any specific
vulnerability in SSH (protocol or programs) related to the IDs used
in the attempts,  so I see no other value in those names.)
(But my knowledge is finite.)

Not sure how to stave off this attack other than to slow down the
SSH connections.   I asked an internal forum if anyone knew of a way to
"throttle" SSH.   No positive responses  (but a limited sample set,
since we're not SSH experts).   I suppose I *could* poll an SSH list.

For my own stuff,  one of the target boxes is a 486 SX at 25MHz.
Really.   So there is an automatic slow-down,  and I've seen
at least one would-be cracker apparently give up and go away.
Ahh ... the joy of using surplus hardware.   ;-)

Fighting this attack is a little like fighting spam:
Hard to tell ahead of time if the approaching client is friend or foe.
Manual black-listing of the attacking hosts is an arms race.
It just doesn't scale.

-- R;
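
[Added example, not part of the original message: one way to pick out the username-list guessing described above from sshd logs automatically, rather than by manual black-listing. The log lines are constructed samples in OpenSSH's syslog format; the function name, thresholds and assumed year are illustrative assumptions.]

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation-range IPs), not taken from the post.
SAMPLE_LOG = """\
Oct 12 03:14:01 box sshd[901]: Failed password for invalid user admin from 203.0.113.5 port 40110 ssh2
Oct 12 03:14:03 box sshd[903]: Failed password for invalid user test from 203.0.113.5 port 40112 ssh2
Oct 12 03:14:05 box sshd[905]: Failed password for root from 203.0.113.5 port 40114 ssh2
Oct 12 03:14:08 box sshd[907]: Failed password for invalid user oracle from 203.0.113.5 port 40116 ssh2
Oct 12 03:20:00 box sshd[950]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Oct 12 03:20:20 box sshd[951]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
Oct 12 09:00:00 box sshd[990]: Failed password for invalid user guest from 192.0.2.9 port 60000 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ASSUMED_YEAR = 2000  # syslog timestamps carry no year; only differences matter here


def find_guessers(lines, window=timedelta(minutes=5), max_failures=3, min_users=3):
    """Return {ip: sorted usernames} for sources with more than max_failures
    failed logins inside one sliding window, spread over min_users+ names."""
    recent = defaultdict(deque)  # ip -> (time, user) failures still in the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        when = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        user, ip = m.group(2), m.group(3)
        q = recent[ip]
        q.append((when, user))
        while when - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        users = {u for _, u in q}
        # One user mistyping a password stays under both thresholds.
        if len(q) > max_failures and len(users) >= min_users:
            flagged.setdefault(ip, set()).update(users)
    return {ip: sorted(names) for ip, names in flagged.items()}


if __name__ == "__main__":
    for ip, names in find_guessers(SAMPLE_LOG.splitlines()).items():
        print(ip, "tried", ", ".join(names))
```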

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
