Re: [Fail2ban-users] attention: since sept30,2009 big ssh-attack

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I confirm on the only server I manage that has ssh open to the world.

Klaus Lehmann wrote:
> hi fans
> 
> approx. since yesterday I noticed a massive attack against my servers.
> attacks are based only on SSH:
> exactly every one minute there was an login.
> 
> sharply looking on attacking ip's, I get no system. only this:
> 196.41.113.27-196.41.113.30 (all 4 ips' in 4 minutes, in a row; its an
> southafrican server...)
> I think this a, what I'm here NOT proud to live with it, systematical
> attack.
> I can't think, this is uncontrolled: sriptciddies or other bullshit.
> I think. someone (friends from eastern? where is "eastern", it a point
> of view ;-) ) is attacking MY and ofcourse other systems.
> 
> my problem:
> between oct.1st  0.00hour and now  oct 1st. 7:54 there are approx 500
> loggings about attacks on ONE server (=250-300 logs in ONE hour.) a
> little bit too much.
> 
> my question:
> is it possible to get a digest from logging_system. not one msg per
> attck. 
> my idea: a collecting email: one per hour.
> 
> [if not I must disable: one msg from one attack ] ;-(
> 
> 
> 
> yours
> sadly
> klaus
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay 
> ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
> http://p.sf.net/sfu/devconf
> _______________________________________________
> Fail2ban-users mailing list
> Fai...@li...
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
> 

- --
Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREKAAYFAkrEia4ACgkQAlpOsGhXcE1j3gCbBGKEgAA4BYsh9HUysDENI48w
dIYAn2LTakZik6GemOiEHsH6toiuqFMc
=OG1a
-----END PGP SIGNATURE-----