[nycbug-talk] another thread: sshd zombie attacks
Jerry B. Altzman
jbaltz at 3phasecomputing.com
Tue May 19 20:34:21 EDT 2009
on 5/19/2009 7:32 PM George Rosamond said the following:
> I was convinced of it not because of "security by obscurity" (please,
> don't bait with that), but because I heard cases of disk i/o going
> through the ceiling under such attacks (in the ddos version of the
> attack), and switching the listening port quickly changed it. This is
> *without* various scripts, firewall rules, etc., having the hassle and
> the associated overhead in those respective cases.
I can verify -- this happened *to me*. We had strange load spikes on
machines that would otherwise be unused...and we saw *hundreds* of
*simultaneous* inbound ssh attempts.
Moving ssh to port .ne. 22 solved that problem in a jiffy.
> Is it defense against crackers or future mutations of the zombie
> attacks? No. . . but then use public/private ssh keys, strong passwds,
> firewall rules, etc. Measure and counter-measure, with a lot of layers
> before that.
This was JUST TO FIX THE DOS problem. We didn't delude ourselves that it
would deter someone committed to hacking in.
> George
//jbaltz
--
jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405