On Fri, August 19, 2005 10:29 am, Tito Mari Francis Escaño said:
> This may offend some members of this list, but recently I personally encountered this SSH Bruteforce activity, but not only in my Linux box, but on my OpenBSD (OBSD) testbox connected to the net outside the firewall.
>
> Before I used this OBSD, I used to have here a Whitebox Linux so that our associates can see our test web deployment, and it was (sickeningly) very slow to my surprise. I replaced it with OBSD and uploaded static HTML pages. Things were OK until the screen reported SSH connection request from an IP (211.234.100.76) using tried usernames and passwords, which I traced coming from KIDC-GABIA (a National Internet Registry) in Seoul, Korea using whois.
>
> Anybody who can relate to this incident pls?

This ssh bruteforce stuff is a very, very old technique, and I guess most of the servers from Korea were compromised by kiddos.

To answer your question, IMHO, some Linux distributions by default are not optimized to be a server, and you have to adjust some kernel config and other stuff to make it scream. OTOH, OpenBSD by default is good to go as a server, because the OpenBSD guys are more on security and proactive, especially in networking stuff. I guess right now OpenBSD is challenging Cisco, claiming that there should be an open-source counterpart of their technology, like CARP, OpenBGP and OpenOSPF.

br

--
Jimmy B. Lim
IT Operation & Support Team Leader
System Administrator
Tricom Dynamics, Inc.
Tricom Systems (Phils.), Inc.
Key Id: 0x7D2BD148
j i m m y @ t r i c o m . c o m . p h

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph

