rootkit?
Dan Hollis
goemon at anime.net
Mon Dec 12 23:15:01 UTC 2005
On Mon, 12 Dec 2005, Chasecreek Systemhouse wrote:
> I would say there is a ssh brute force hack floating around that has
> not been documented yet; as such it is all Server admins best
> interests to remain vigilant.
ssh bruteforcers have been around for a couple years now. it's a sign of
desperation by spammers -- traditional exploits are no longer effective
due to selinux, grsecurity et al, so they have switched to bruteforce.
i've seen attacks of upwards of 500mbit/sec of ssh attempts. they don't
even bother trying to be sneaky about it.
pam_abl is extremely effective in preventing bruteforce attacks:
http://www.hexten.net/pam_abl/
btw you probably don't notice them, but (my|postgre)sql bruteforcers are
going around too.
-Dan
More information about the test
mailing list