[lug] DOS ssh attacks

Todd todd at shredsnow.com
Sat Jan 10 09:29:55 MST 2009

On Sat, Jan 10, 2009 at 8:04 AM, Rob Nagler <nagler at bivio.biz> wrote:

> We've been under heavy attack the last 24 hours. The only annoyance is
> that all the ssh connections are sucked up for a period of time so we
> can't get in via certain machines public interfaces.  Blocking the
> addresses in iptables fixes the problem.
> This seems to be localized to our ViaWest hosts.  Our FRII rack is
> always available.
> Is anybody else experience this type of attack (see log entries
> appended) right now?
> Another question is: any tricks we can use to slow down requests to
> ssh so we don't get locked out?
> Thanks,
> Rob
> ----------------------------------------------------------------
> Jan 10 08:53:37 host1 sshd(pam_unix)[28289]: check pass; user unknown
> Jan 10 08:53:37 host1 sshd(pam_unix)[28289]: authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=


You can lock down access to port 22 from only select IPs via iptables or set
up something like BFD:



- Todd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20090110/07054bd4/attachment.html>

More information about the LUG mailing list