[UCI-Linux] ssh probes

Mike Iglesias iglesias at uci.edu
Tue Dec 9 16:23:25 PST 2014


We're seeing a lot of ssh probes today - they are poking at systems a few
times, going away for a while, and then trying another system.  There are at
least several hundred IPs doing this.

If you have ssh open at the border, your system may be at risk due to easily
guessed passwords.  You might consider running something like fail2ban
(http://www.fail2ban.org) to block hosts with repeated login failures, only
allowing inbound ssh from known good addresses, or turning off ssh access at
the border and using the campus VPN to get to your system.

We may have at least one system that has been compromised via ssh today.
Don't let yours be added to that list...


-- 
Mike Iglesias                          Email:       iglesias at uci.edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270
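
The pattern described above (a source tries one system a few times, goes away, then tries another) is easiest to see when sshd logs from several machines are read together. The following is an added example, not part of the original message; it assumes classic syslog-format OpenSSH log lines, and the host names, users and addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines (made-up hosts/users; RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Dec  9 10:01:12 hosta sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec  9 10:01:15 hosta sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Dec  9 10:40:03 hostb sshd[911]: Failed password for root from 203.0.113.7 port 51200 ssh2
Dec  9 11:22:47 hostc sshd[3307]: Failed password for invalid user test from 203.0.113.7 port 38811 ssh2
Dec  9 11:30:00 hosta sshd[2190]: Failed password for alice from 198.51.100.20 port 50222 ssh2
Dec  9 11:30:09 hosta sshd[2190]: Accepted password for alice from 198.51.100.20 port 50222 ssh2
Dec  9 12:05:31 hostb sshd[1002]: Failed password for root from 192.0.2.44 port 44100 ssh2
Dec  9 12:50:10 hostc sshd[3400]: Failed password for root from 192.0.2.44 port 44871 ssh2
Dec  9 13:10:10 hostc sshd[3555]: Accepted password for root from 192.0.2.44 port 45001 ssh2
"""

# Matches password-auth results as logged by sshd through syslog.
LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\spassword\sfor\s(?:invalid\suser\s)?"
    r"(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

def summarize(log_text, min_hosts=2):
    """Return (probers, suspect_logins).

    probers: {ip: sorted hosts} for sources with failures on >= min_hosts hosts.
    suspect_logins: (ip, host, user) for accepted logins from those sources.
    """
    failed_hosts = defaultdict(set)
    accepted = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failed_hosts[m["ip"]].add(m["host"])
        else:
            accepted.append((m["ip"], m["host"], m["user"]))
    probers = {ip: sorted(h) for ip, h in failed_hosts.items() if len(h) >= min_hosts}
    suspect = [a for a in accepted if a[0] in probers]
    return probers, suspect

if __name__ == "__main__":
    probers, suspect = summarize(SAMPLE_LOG)
    for ip, hosts in sorted(probers.items()):
        print(f"{ip}: failed logins on {len(hosts)} hosts ({', '.join(hosts)})")
    for ip, host, user in suspect:
        print(f"REVIEW: {user}@{host} accepted a login from probing source {ip}")
```

An accepted login from a source that has also been failing on other hosts is the line to review first when checking whether a system has been compromised.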

