Heads up: Brute force attacks on the rise recently

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It seems in the past month brute force attacks are on the rise. They are
targeting anyone listening on port 22 and go after root. If you do not
have a hardened box, you will see thousands upon thousands of
connections in your logs. Once logged in they will set your system up in
their botnet.

Google: dt_ssh5
This little baby will get placed in /tmp and will be running. Looks to
be a SSH gateway for the attackers for easy access/control.

-Make sure your root password is not a dictionary word.
-Add iptables rules to limit multiple connections on SSH to 4 within a
minute.[1] Perhaps this needs to become a Fedora default.
-Update your system.
-Use SELinux.

Why am I sending this message? Is it SPAM? No. I've seen this hit a
customer and cause an explosion in their network traffic. The backdoor
was installed on Sept. 30th and was not detected until recently. Google
results seem to indicate this past month with higher than normal brute
force activity.

[1]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent
--update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent
--set --name DEFAULT --rsource

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux