Aviram Jenik wrote:
>On Sunday, 18 September 2005 16:40, Oleg Goldshmidt wrote:
>
>
>>I figure that these entries are from blind and stupid attempts to
>>guess usename/password combination manually or automatically.
>>
>>
>
>That's one possibility. Another possibility is that someone is running an
>automated vulnerability scanner (e.g. nessus) to look for weaknesses. Yet
>another possibility is that someone is targetting an attack against your
>machine (though the chances here are slim).
>
>If it's #1, you want to stop them before they brute-force a valid login (see
>GSM's example). If it's #2, you want to stop them before they find your SSH
>is vulnerable to one of these attacks:
>http://www.securiteam.com/cgi-bin/htsearch?words=ssh
>
>
While not effective against nessus, changing the port number SSH runs on
will stop some of the automatic attacks. I don't know how many attackers
actually run a full blown vulnerability scanner, coupled with a port
scanner and a port identificator.
Shachar
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
