Toblog : Tag ssh, everything about ssh

SSH attackers now using botnets

Posted by Toby Mon, 22 Oct 2007 14:06:00 GMT

I’m used to seeing ssh dictionary attacks from single IPs, hitting my servers in a short amount of time. For the first time today, however, I have had entries like the following:

Oct 22 15:05:54 [sshd] error: PAM: Authentication failure for root from <hostname>

...fairly regularly spaced throughout the day, all from different hosts. The natural assumption is that the dictionary attacks are now being run from botnets.

Anyone else seeing these? In the past when noticing dictionary attacks I’ve blocked the source IP; that now seems a little harsh for hosts that are being used without their owners’ consent. If a lot of people did that it may encourage the owners to take more notice of their security, but such a draconian measure would require a large amount of people to take part in order for it to be effective.

A DNSBL for firewalls would be a possible solution, although there would have to be a way of notifying people the reason they can’t connect to a particular host.

Posted in technology
Tags botnet, dictionary_attack, ssh
Meta no trackbacks, no comments, permalink, rss, atom

Archives

Tags

amazon apple bbc blair cash_for_honours comp_risks copyright database_state e evoting finance id_cards iphone iraq london microsoft music nhs npfit open_rights_group photography police_state politics religion science silly stupidity technology typography vale

activism Another Chance To See Bartholomew's Notes on Religion Big Sticks and Small Carrots Bloggerheads Bloggerheads: The Alisher Usmanov Affair Craig Murray Daily Mail Watch Freeborn John Here Comes Everybody Jess Worth's blog Kim Cameron's Identity Weblog Last Chance to See Little Man, What Now? Ministry of Truth Pundit Predictions qwghlm.co.uk Richard Wilson's blog spEak You're bRanes The Open Rights Group The Quiet Road The Sun - Tabloid Lies The UK Today Your Right To Know
design Particletree RSS Digest Presentation Zen Typographica
education Mr. Chalk Scenes From The Battleground Tales From The Chalk-face
entertainment Beau Bo D'Or Bill's Blog Blue Blog BrokenTV Darkgate Comic Slurper Dr. Boli's Celebrated Magazine. English Russia garfield minus garfield London is Free Londonist Man Writes Blog No Rock And Roll Fun Not Always Right | Funny & Stupid Customer Quotes passive-aggressive (and just plain aggressive) notes PhotoshopDisasters Scaryduck: Not Scary. Not a Duck. Stephen Fry The Comics Curmudgeon The Daily Mash The FAIL Blog The Great Architect
financial-and-business BBC NEWS | Peston's Picks Bearwatch Blog Maverick blog.pmarca.com Burning our money Business Blog | Trading Floor | Post your Comments Falkenblog Financial Armageddon London Banker Mark Wadsworth Market Ticker Mish's Global Economic Trend Analysis Of two minds. Rahul Sood's Weblog Stumbling and Mumbling The CityUnslicker - Business and Politics The diary of a CTO Tim Worstall
gastronomy Cooking For Engineers DOS HERMANOS
law Area Trace No Search Chief Constable's Blog Cop in the Hood GeekLawyer's Blog Head of Legal NIGHTJACK - AN ENGLISH DETECTIVE PC Bloggs - a Twenty-first Century Police Officer Police Community Support Officer POLICE INSPECTOR BLOG The Law West of Ealing Broadway The Policeman's Blog
literature-and-language Charlie's Diary Language Log MMS RSS Feed Richard Morgan's News & Views The Early Days of a Better Nation The Skinner World Wide Words updates
medical Baby blue pyjamas Dr Petra Boynton I Blog Dr Rant Life in the NHS Mental Nurse Mind Hacks Mixing Memory Nee Naw NHS Blog Doctor Not so Newbie at EOC Random Acts Of Reality Sexual Intelligence SharpBrains Siren voices The Angry Medic The Paramedic's Diary
music salem grine blog The Police Diver's Notebook trespassers william
news BBC News | UK | UK Edition BBC News | World | UK Edition The Churner Prize The Debatable Land Wharf
people-and-personal :: The Wendy House :: A bunch of hooey A Daisy Through Concrete A stilted and jerky version of what is me. a very clever and exciting place for words to live aircraftgallery.net Latest News (RSS) AnnaRusselli's Weblog blog.alpower.com Dark Gate Message of the Day Databases and Life David Emery Online Gary Andrews KateEvans Man Writes Blog petite anglaise readingtype Reprocessed Salut! The Devil's Advocate The Everywhere Girl Blog Toblog
photography dpreview.com Developer blog dpreview.com Editorial blog DSLRBLOG EOSrebels.com Blog mandolux« Photocritic photography blog
politics Boris Johnson MP Channel 4 News - FactCheck Chicken Yoghurt histologion Ideal Government Ideal Government Europe Jerry Fishenden's technology policy blog Lords of the Blog Margot Wallström Non Tibi Spiro Nosemonkey's EUtopia Owen abroad Spy Blog - SpyBlog.org.uk Tom Watson MP UN Dispatch
science Aetiology badscience Black Triangle DC's Improbable Science DC's IMPROBABLE SCIENCE Depleted Cranium Discovering Biology in a Digital World New Scientist - Latest Headlines New Scientist - Quantum World Null Hypothesis Physics Buzz Scientific Misconduct Blog
technical A List Apart blackbag Cisco IOS hints and tricks Damn Interesting David Pilling Software Ditherati: See the Digerati Dither, Daily Drobe Launchpad News Engadget Extremetech Extremetech Reviews Game + Life Review (2/10) Geek Dinner London Gentoo Linux News Gizmodo IDIOT TOYS: Tech reviews for the bored Joel on Software Jorge Camoes' Charts Lifehacker Light Blue Touchpaper RISKS Digest Schneier on Security Signal vs. Noise Slashdot: Stupid Security TechCrunch TechCrunch UK The Icon Bar (RSS 0.9 feed) the INQUIRER The Register Typo official weblog useful.things Virtualization news for the channel community and you !
transport Bloodbus bus driving Going Underground's Blog Underground Gal

Twitter Updates