Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 09 November 2024, 12:37:07 pm

Login with username, password and session length

Download the latest community FREE version  HERE
14250 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  SSH attacks not being blocked.
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: SSH attacks not being blocked.  (Read 11844 times)
sarconastic
Jr. Member
*
Offline Offline

Gender: Male
Posts: 3



« on: Sunday 30 November 2008, 10:57:32 am »

I was reviewing my logs and found the following in the logs.
Local User logins:

sshd:
    Authentication Failures:
       unknown (87.248.128.10): 290 Time(s)
    Invalid Users:
       Unknown Account: 290 Time(s)

SSHD:

Failed logins from:
    87.248.128.10: 150 times
    219.149.153.6: 107 times

 Illegal users from:
    87.248.128.10: 2974 times
    219.149.153.6: 80 times

 Login attempted when not in AllowUsers list:
    mail : 1 Time(s)
    sshd : 1 Time(s)


 Received disconnect:
    11: Bye Bye : 3019 Time(s)


Intrusion detection is on, but it is apparently not blocking the offending IP's I looked in the SNORT rules and did not locate an entry for SSH.

Is there something I am missing here. I use Fail2ban on my server to ban the ips so i am not real familiar with how Endian performs the same service.

Thanks

Sarc.

Forgot to add, I am running Endian version 2.1.1 with only red and green networks.

Logged
NinNin
Full Member
***
Offline Offline

Posts: 24


« Reply #1 on: Monday 01 December 2008, 04:01:01 pm »

Same as my experience, so I solved by myself
1. Do not open port ssh at Router and another port also.
2. If you need to remote maintenance, Try to create OpenVPN connection with your account instead.
3. Remember to create a difficult password.

 Wink
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com