[lug] DOS ssh attacks

Rob Nagler nagler at bivio.biz
Sat Jan 10 09:04:54 MST 2009

We've been under heavy attack the last 24 hours. The only annoyance is
that all the ssh connections are sucked up for a period of time so we
can't get in via certain machines' public interfaces.  Blocking the
addresses in iptables fixes the problem.

This seems to be localized to our ViaWest hosts.  Our FRII rack is
always available.

Is anybody else experiencing this type of attack (see log entries
appended) right now?

Another question is: any tricks we can use to slow down requests to
ssh so we don't get locked out?


Jan 10 08:53:37 host1 sshd(pam_unix)[28289]: check pass; user unknown
Jan 10 08:53:37 host1 sshd(pam_unix)[28289]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= 
