[PLUG] No ssh cracking attempts?

Atom Powers atom.powers at gmail.com
Tue Dec 23 17:26:45 UTC 2014


I would argue that is isn't the cracking attempts that you should be
monitoring. Is is the cracking successes. Have there been any unusual
logins?

Honestly, failed attempts are meaningless (unless it is a DDOS, and
then monitoring them only exacerbates the problem); the successful
logins are interesting.

On Tue, Dec 23, 2014 at 9:19 AM, Jim Garrison <jhg at jhmg.net> wrote:
> On 12/23/2014 9:14 AM, Rich Shepard wrote:
>> On Tue, 23 Dec 2014, Dick Steffens wrote:
>>
>>> Is there any possibility that all of those cracking attempts came from
>>> North Korea? From this morning's USA Today it sounds like "someone" cut
>>> North Korea off the Internet.
>>
>> Dick,
>>
>>    As I wrote in response to Denis' comment, I thought of that, but when I
>> see IP addresses from domains like 123data.cn and similar I wonder if _all_
>> the cracking attempts come via PRNK. The news that the country was off-line
>> showed up yesterday or the day before.
>>
>>    So, has anyone else seen cracking attempts via ssh drop to zero over the
>> past few days?
>
> I never get ANY ssh cracking attempts by the simple expedient of
> running SSH on a non-standard port.  I used to get hundreds of
> attempts a day but reconfigured SSH to listen on a specific port above
> 20000 and now never see any attempts.
>
> --
> Jim Garrison (jhg at acm.org)
> PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug



-- 
Perfection is just a word I use occasionally with mustard.
--Atom Powers--



More information about the PLUG mailing list