On Tue, 23 Dec 2014, Jim Garrison wrote:
I never get ANY ssh cracking attempts by the simple expedient of running
SSH on a non-standard port. I used to get hundreds of attempts a day but
reconfigured SSH to listen on a specific port above 2 and now never
see any attempts.
Jim,
Works
Yes, back when I lived in Tampa, FL. Our amateur radio packet network was
interlinked where there were no RF paths, over the internet, I at one point
had buckets full of attempts to the point that we even called the FBI about
it, and since the device was used as part of the emergency system, even
Last Thursday or Friday the daily log reports showed fewer cracking
attempts via ssh. The number (and types) decreased over the weekend and
today there's nothing. Historically, there are hundreds to tens-of-thousands of
probes each day attempting to use ssh to enter my network. Not seeing any is
On Tue, Dec 23, 2014 at 7:51 AM, Rich Shepard rshep...@appl-ecosys.com
wrote:
Last Thursday or Friday the daily log reports showed fewer cracking
attempts via ssh. The number (and types) decreased over the weekend and
today there's nothing. Historically, there are hundreds to
On 12/23/2014 07:51 AM, Rich Shepard wrote:
Last Thursday or Friday the daily log reports showed fewer cracking
attempts via ssh. The number (and types) decreased over the weekend and
today there's nothing. Historically, there are hundreds to tens-of-thousands of
probes each day attempting to
On Tue, 23 Dec 2014, Denis Heidtmann wrote:
North Korea has been off-line recently.
Denis,
I thought of that, too. But many of the IP addresses that were regular
visitors were from 123data.cn and similar.
Rich
___
PLUG mailing list
On Tue, 23 Dec 2014, Dick Steffens wrote:
Is there any possibility that all of those cracking attempts came from
North Korea? From this morning's USA Today it sounds like someone cut
North Korea off the Internet.
Dick,
As I wrote in response to Denis' comment, I thought of that, but when
On Tue, 23 Dec 2014, bro...@netgate.net wrote:
The change is likely caused by your dynamic IP address.
Brooks,
Since Frontier Communications has been regularly changing my IP address
ever since they bought Verizon's land line business it would be strange that
only now does it affect the
On 12/23/2014 9:14 AM, Rich Shepard wrote:
On Tue, 23 Dec 2014, Dick Steffens wrote:
Is there any possibility that all of those cracking attempts came from
North Korea? From this morning's USA Today it sounds like someone cut
North Korea off the Internet.
Dick,
As I wrote in
On Tue, 23 Dec 2014, Jim Garrison wrote:
I never get ANY ssh cracking attempts by the simple expedient of running
SSH on a non-standard port. I used to get hundreds of attempts a day but
reconfigured SSH to listen on a specific port above 2 and now never
see any attempts.
Jim,
I would argue that it isn't the cracking attempts that you should be
monitoring. It is the cracking successes. Have there been any unusual
logins?
Honestly, failed attempts are meaningless (unless it is a DDOS, and
then monitoring them only exacerbates the problem); the successful
logins are
On 12/23/14 09:14, Rich Shepard wrote:
On Tue, 23 Dec 2014, Dick Steffens wrote:
Is there any possibility that all of those cracking attempts came from
North Korea? From this morning's USA Today it sounds like someone cut
North Korea off the Internet.
Dick,
As I wrote in response to
On 12/23/2014 9:22 AM, Rich Shepard wrote:
On Tue, 23 Dec 2014, Jim Garrison wrote:
I never get ANY ssh cracking attempts by the simple expedient of running
SSH on a non-standard port. I used to get hundreds of attempts a day but
reconfigured SSH to listen on a specific port above 2 and
On Tue, 23 Dec 2014, Jim Garrison wrote:
It's a simple one-line change in /etc/ssh/sshd_config:
Port 21499
instead of Port 22 and then restart sshd.
Jim,
Thought so. Done.
On the Linux/Cygwin client side it's a command-line parameter or an
entry in ~/.ssh/config, as in
host
On Tue, 23 Dec 2014, Atom Powers wrote:
I would argue that it isn't the cracking attempts that you should be
monitoring. It is the cracking successes. Have there been any unusual
logins?
Atom,
No, never. This is why I want to see the sshd log entries from
/var/log/messages summarized by
On Tue, 23 Dec 2014, Galen Seitz wrote:
I have the opposite experience. Starting yesterday ssh attempts went up
significantly. Originating IPs are from all over the world.
galen,
How interesting! The weekends have always been slow, but before there had
always been some activity. Very
On Tue, Dec 23, 2014 at 09:27:30AM -0800, Galen Seitz wrote:
I have the opposite experience. Starting yesterday ssh attempts went up
significantly. Originating IPs are from all over the world.
I've averaged 1000 attacks per day since April, 2400 per day
so far through December, and 2200 per