[UCI-Linux] ssh probes
iglesias at uci.edu
Tue Dec 9 16:23:25 PST 2014
We're seeing a lot of ssh probes today - they are poking at systems a few
times, going away for a while, and then trying another system. There are at
least several hundred IPs doing this.
If you have ssh open at the border, your system may be at risk due to easily
guessed passwords. You might consider running something like fail2ban
(http://www.fail2ban.org) to block hosts with repeated login failures, only
allowing inbound ssh from known good addresses, or turning off ssh access at
the border and using the campus VPN to get to your system.
We may have at least one system that has been compromised via ssh today.
Don't let yours be added to that list...
Mike Iglesias Email: iglesias at uci.edu
University of California, Irvine phone: 949-824-6926
Office of Information Technology FAX: 949-824-2270
More information about the UCI-Linux