[PLUG] No ssh cracking attempts?

Rich Shepard rshepard at appl-ecosys.com
Tue Dec 23 17:18:48 UTC 2014


On Tue, 23 Dec 2014, brooks at netgate.net wrote:

> The change is likely caused by your dynamic IP address.

Brooks,

   Since Frontier Communications has been regularly changing my IP address
ever since they bought Verizon's land line business it would be strange that
only now does it affect the attempts.

>  I just tried to connect to your server and everything, from an ssh
> perspective, looks fine.

   Interesting. The only entry in /var/log/syslog is:
Dec 23 08:33:56 salmo sshd[28963]: fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]

> Take solace in the time without attack traffic because without a doubt the
> bad behavior will return.

   I'd take more comfort if I knew for certain that the reason for the lack
of traffic is external.

> Over the last few hours I've seen ssh attacks from these TLDs:
>     .cn,.ru,.jp,.kr,.uk,.net,.com,.pt,.it,.fr,.de
> to my home network.

   That's the diversity I've always seen, too.

Thanks,

Rich
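
The syslog entry quoted in the message above shows a connection failing at cipher negotiation, before authentication. As an added example (not part of the original post), this parses such sshd lines and reports what each client offered against what the server accepts. The sample log is constructed, with cipher names written with `@` as sshd logs them, and only the message format shown in this post is matched.

```python
import re
from collections import Counter

# Constructed sample: the first line is modelled on the entry quoted in the post,
# the others (user name, address, second failure) are invented for illustration.
SAMPLE_LOG = """\
Dec 23 08:33:56 salmo sshd[28963]: fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
Dec 23 09:10:02 salmo sshd[29110]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Dec 23 09:41:17 salmo sshd[29345]: fatal: no matching cipher found: client aes128-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr [preauth]
"""

# Matches only the "fatal: no matching cipher found: client ... server ..." form.
MISMATCH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"fatal: no matching cipher found: client (?P<client>\S+) server (?P<server>\S+)"
)


def parse_mismatches(log_text):
    """Return one dict per pre-auth cipher negotiation failure in the log."""
    events = []
    for line in log_text.splitlines():
        m = MISMATCH.match(line)
        if m is None:
            continue  # not a cipher mismatch line
        client = m.group("client").split(",")
        server = m.group("server").split(",")
        events.append({
            "timestamp": m.group("ts"),
            "pid": int(m.group("pid")),
            "client": client,
            "server": server,
            # An empty list is what makes sshd give up with "no matching cipher".
            "common": [c for c in client if c in server],
        })
    return events


def client_offer_counts(events):
    """Count how often each cipher was offered by clients that failed to negotiate."""
    counts = Counter()
    for event in events:
        counts.update(event["client"])
    return counts


if __name__ == "__main__":
    found = parse_mismatches(SAMPLE_LOG)
    print(f"{len(found)} connections dropped at cipher negotiation")
    for name, n in client_offer_counts(found).most_common():
        print(f"  {n:3d}  {name}")
```

Run against the real /var/log/syslog, the count shows how many inbound connections never reached the authentication stage because the two cipher lists did not overlap.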
