[nycbug-talk] another thread: sshd zombie attacks
Andy Kosela
akosela at andykosela.com
Wed May 20 02:15:39 EDT 2009
"Jerry B. Altzman" <jbaltz at 3phasecomputing.com> wrote:
> on 5/19/2009 7:32 PM George Rosamond said the following:
> > I was convinced of it not because of "security by obscurity" (please,
> > don't bait with that), but because I heard cases of disk i/o going
> > through the ceiling under such attacks (in the ddos version of the
> > attack), and switching the listening port quickly changed it. This is
> > *without* various scripts, firewall rules, etc., having the hassle and
> > the associated overhead in those respective cases.
>
> I can verify -- this happened *to me*. We had strange load spikes on
> machines that would otherwise be unused...and we saw *hundreds* of
> *simultaneous* inbound ssh attempts.
> Moving ssh to port .ne. 22 solved that problem in a jiffy.

Fix your firewall. That issue has been discussed here before and I will
state once again that it is dangerous opening 22/tcp to the whole world.

--Andy