http://isc.sans.edu/diary.html?storyid=9034
http://www.dreamhoststatus.com/2010/06/19/ssh-connection-issue-affecting-servers/
Looks like a change on the force attack to attempt also to use auth keyboard-interactive in their methods.
I have two days seeing at my server logs from denyhosts… but looks like it’s bigger than I thought.
El Cuchitril es una obra por Víctor Martínez disponible bajo una
licencia de Creative Commons
A menos que se afirme lo contrario, todas las opiniones aquí vertidas son la expresión de quien firma y no necesariamente expresan el sentir de los proyectos, empleador, instituciones afiliadas o asociados de quien escribe.
A menos que se afirme lo contrario, todas las opiniones aquí vertidas son la expresión de quien firma y no necesariamente expresan el sentir de los proyectos, empleador instituciones afiliadas o asociados de quien escribe.
Unless otherwise noted, the views expressed on this website are those of the author and are not necessarily representative of his affiliated institutions, projects, committees, publishers or employers.
When I had my last wave of such attacks, I moved the ssh service to a high port (of course, that is not always an option) and rate-limited with iptables to four connections per minute (except from trusted networks, as it is a PITA when it bites you!)
It really helped.