Security experts are warning about a fresh round of attacks against SSH implementations. The attacks are brute-force attempts to authenticate to remote SSH servers, a tactic that has been used quite often in the past in distributed attacks.

The attacks, which the handlers at the SANS Internet Storm Center have been following, are simple and have a simple goal: gain access to the remote SSH server. The attacks often come from a slew of different IP addresses and may come one right after another, with a number of attempts within a few minutes.

The source IP addresses vary with each new attempted username in the wordlist, which would indicate that the attempts are distributed through botnet(s). It only takes a single user with a weak password for a breach to occur, then with that foothold escalation and further attacks are likely next.

To secure your server against such attack, see the following post

How to safeguard the servers against SSH Brute Force Attacks

The Source:

Post By Editor (2,827 Posts)

Website: →