Re: [Sshguard-users] Question

[Emmanuel A. <man...@gm...>]

Hum,

I will change my ssh port number to try solve this problem.

Thank you so much Mij.

[]s

Emmanuel Alves
man...@gm...

---------------------------------------------------------------------
Twitter: http://www.twitter.com/emartsnet
Linked In: http://www.linkedin.com/in/emartsnet


On Mon, Oct 5, 2009 at 9:53 AM, Mij <mi...@ss...> wrote:

> Nothing is wrong, but the fact you're not being attacked by one
> insisting host, but by
> many in distributed fashion. There is no simple way to detect these:
> imagine you're
> running a shell server with many accesses, how would you spot this is
> a distributed
> attack rather than a "funnily many users got the password wrong in a
> short period of
> time" ? And similarly, even once you detect this, what do you do then?
>
> Detecting these is hard, but we have that in a TODO idle loop.
>
>
> On Oct 2, 2009, at 13:00 , Emmanuel Alves wrote:
>
> > Hi,
> >
> > My SSHGUARD was working perfectly, but since 2 days ago, my security
> > log has a lot of blocked IPs, but i cant find any failures to access
> > my ssh... here is part of my log:
> >
> > Oct  1 09:15:41 brain sshguard[77308]: Blocking 200.11.197.122: 4
> > failures over 2 seconds.
> > Oct  1 09:16:24 brain sshguard[77308]: Blocking 147.52.242.30: 4
> > failures over 0 seconds.
> > Oct  1 09:17:27 brain sshguard[77308]: Blocking 217.15.119.130: 4
> > failures over 0 seconds.
> > Oct  1 09:17:54 brain sshguard[77308]: Blocking 77.95.0.100: 4
> > failures over 0 seconds.
> > Oct  1 09:18:45 brain sshguard[77308]: Blocking 118.98.171.107: 4
> > failures over 4 seconds.
> > Oct  1 09:19:27 brain sshguard[77308]: Blocking 83.142.126.50: 4
> > failures over 1 seconds.
> > Oct  1 09:20:25 brain sshguard[77308]: Release command failed.
> > Exited: -1
> > Oct  1 09:20:55 brain sshguard[77308]: Blocking 69.213.134.19: 4
> > failures over 7 seconds.
> > Oct  1 09:21:31 brain sshguard[77308]: Blocking 203.198.161.20: 4
> > failures over 0 seconds.
> > Oct  1 09:22:18 brain sshguard[77308]: Blocking 217.111.114.216: 4
> > failures over 0 seconds.
> > Oct  1 09:22:55 brain sshguard[77308]: Blocking 88.84.142.50: 4
> > failures over 0 seconds.
> > Oct  1 09:23:32 brain sshguard[77308]: Release command failed.
> > Exited: -1
> > Oct  1 09:23:32 brain sshguard[77308]: Release command failed.
> > Exited: -1
> > Oct  1 09:24:30 brain sshguard[77308]: Blocking 60.28.10.26: 4
> > failures over 139 seconds.
> > Oct  1 09:25:16 brain sshguard[77308]: Blocking 82.98.78.31: 4
> > failures over 0 seconds.
> > Oct  1 09:25:55 brain sshguard[77308]: Blocking 202.78.239.203: 4
> > failures over 1 seconds.
> > Oct  1 09:26:43 brain sshguard[77308]: Blocking 69.129.125.162: 4
> > failures over 3 seconds.
> > Oct  1 09:27:28 brain sshguard[77308]: Blocking 61.183.0.35: 4
> > failures over 0 seconds.
> > Oct  1 09:28:12 brain sshguard[77308]: Blocking 83.132.104.248: 4
> > failures over 0 seconds.
> > Oct  1 09:28:52 brain sshguard[77308]: Blocking 61.172.200.198: 4
> > failures over 1 seconds.
> > Oct  1 09:29:57 brain sshguard[77308]: Blocking 83.142.126.51: 4
> > failures over 1 seconds.
> > Oct  1 09:30:31 brain sshguard[77308]: Blocking 211.137.70.137: 4
> > failures over 3 seconds.
> > Oct  1 09:31:04 brain sshguard[77308]: Blocking 202.107.85.254: 4
> > failures over 710 seconds.
> > Oct  1 09:31:52 brain sshguard[77308]: Blocking 58.185.182.212: 4
> > failures over 0 seconds.
> > Oct  1 09:32:37 brain sshguard[77308]: Blocking 61.131.208.44: 4
> > failures over 1 seconds.
> > Oct  1 09:32:59 brain sshguard[77308]: Release command failed.
> > Exited: -1
> > Oct  1 09:32:59 brain sshguard[77308]: Release command failed.
> > Exited: -1
> > Oct  1 09:33:22 brain sshguard[77308]: Blocking 147.52.242.39: 4
> > failures over 0 seconds.
> > Oct  1 09:34:00 brain sshguard[77308]: Blocking 80.219.210.151: 4
> > failures over 0 seconds.
> > Oct  1 09:34:56 brain sshguard[77308]: Blocking 79.29.174.11: 4
> > failures over 3 seconds.
> > Oct  1 09:35:33 brain sshguard[77308]: Blocking 212.235.9.44: 4
> > failures over 0 seconds.
> > Oct  1 09:36:19 brain sshguard[77308]: Blocking 196.201.228.186: 4
> > failures over 0 seconds.
> > Oct  1 09:37:45 brain sshguard[77308]: Blocking 189.56.92.42: 4
> > failures over 1 seconds.
> >
> > I´m wrong?
> >
> > []s
> >
> > Emmanuel Alves
> > man...@gm...
> >
> > ---------------------------------------------------------------------
> > Twitter: http://www.twitter.com/emartsnet
> > Linked In: http://www.linkedin.com/in/emartsnet
> >
> ------------------------------------------------------------------------------
> > Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
> > is the only developer event you need to attend this year. Jumpstart
> > your
> > developing skills, take BlackBerry mobile applications to market and
> > stay
> > ahead of the curve. Join us from November 9&#45;12, 2009. Register
> > now&#33;
> >
> http://p.sf.net/sfu/devconf_______________________________________________
> > Sshguard-users mailing list
> > Ssh...@li...
> > https://lists.sourceforge.net/lists/listinfo/sshguard-users
>
>
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
> http://p.sf.net/sfu/devconf
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
>