what is with the recent uptick in failed ssh logins everywhere? a few weeks ago, i almost never got emails from the automatic log watchers about these, now i get at least one or two a day, all from different ip addresses. usually they’re attempted root logins, but sometimes they’re attempts to log in as other role accounts (like bin).
http://www.k-otik.com/exploits/08202004.brutessh2.c.php
This exploit is running around in the wild, and being used fairly extensively. I used to get one or two ssh login attmepts a month. Now I can get a dozen a day. How annoying.
I've also been noticing this on numerous boxes. I eventually have setup a box which allows SSH'ing into and then I can ssh to other boxes and firewalled incoming port 22 traffic. It is annoying getting reports of tonnes of failed SSH login attempts.
Jim Winstead has been mentioning problems with failed SSH Logins. I've also been noticing the increase in these failed login attempts. Quite annoying actually. I think the version of the brutessh2.c stuff linked above is a nicer example than what...
Another "me too" here. Makes good iptables fodder.
Here's a proposed solution using iptables.
sorry, comments on this post are closed.
There's a worm going around that does brute force attempts on root/root, test/test, admin/admin and a few others IIRC.