[ale] 300,000 failed login attempts in 6 months!!!

James Taylor James.Taylor at eastcobbgroup.com
Tue Aug 19 20:08:16 EDT 2008


I assume "the attackers" is a bunch of stupid bots looking for standard ports.
I don't expect to defend against a targeted attack, I'm just trying to keep my log files from consuming all my disk space with failed login attempts.

So far it's been 100% effective for that purpose.

On a slightly tangential note, I've had similar results by fronting my spamserver with sqlgrey.
I got rid 80-90% of the messages my spam filter would have otherwise have had to process.

I like getting rid of 80% of my problems with an easy fix.  Then I can focus more time on dealing with which of the 20% that require more effort.

-jt 
 

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com


>>> "Michael B. Trausch" <mike at trausch.us> 8/19/2008 05:44 PM >>> 
On Tue, 2008-08-19 at 12:12 -0400, Jim Popovitch wrote:
> New?  No.  SSH brute force attempts are not new.  You, as a target,
> might be new. ;-)
> 
> Save yourself some trouble and run SSHD on a non-standard port.

I keep seeing this said over and over again, and I keep wondering:  Are
the attackers _really_ that stupid?  Wouldn't a simple portscan prior to
attempting to attack get rid of any benefit that this would provide?

	--- Mike

-- 
My sigfile ran away and is on hiatus.





More information about the Ale mailing list