[ale] SSH attempts

Michael H. Warfield mhw at WittsEnd.com
Mon Sep 12 12:36:30 EDT 2011


On Mon, 2011-09-12 at 11:59 -0400, Erik Mathis wrote: 
> Use denyhosts. Simple and really easy to use.

> On Mon, Sep 12, 2011 at 11:05 AM, David Hillman <hillmands at gmail.com> wrote:
> > According to the PortSentry logs for my server, I have received thousands of
> > connection attempts via SSH port 22.  Of course, that is not the port the
> > real SSH service is listening on. Logins were also disabled for root.
> > What's interesting is the IP addresses all belong to Serverloft
> > (www.serverloft.eu); most attempts came from 188.138.32.16
> > (loft4385.serverloft.eu).  I am guessing someone with a few VPS boxes has
> > nothing better to do than use up network bandwidth to terrorize the rest of
> > us.  Or, maybe those boxes have been compromised.
> > I have e-mailed the folks over over at Serverloft, but I don't expect
> > anything of it.  Is there anything else I can do?

Hold the phone here!

You guys are trying to over engineer this.  Read what the OP wrote.

He's got ssh running on a different port already.  fail2ban and
denyhosts will do nothing that port sentry (and I'm assuming that's the
old Abacus Port Sentry) and simple firewall rules won't do.  All he's
seeing is connection ATTEMPTS.  There's nothing there to connect to so
all he's seeing is Port Sentry logging noise.  You've got it blocked
already and the service isn't running there anyways.  You don't want the
noise, stop logging it.  That's all.  You can't stop the attempts.  But
the attempts don't result in any connections.  Nothing more to do.  Move
on.

Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110912/88663dea/attachment.bin 


More information about the Ale mailing list