CentOS Icon CentOS Logo
CentOS Text
   
  
www.centos.org Forum Index
   CentOS Social
  Looking for statistics on intrusion attempts

 

 Bottom   Previous Topic   Next Topic
  •  Rate Thread
      Rate this Thread
      Excellent
      Good
      Average
      Bad
      Terrible
Poster Thread
  •  billbruns
      billbruns
Looking for statistics on intrusion attempts
#1
Newbie
Joined: 2006/2/25
From
Posts: 7
Hello, I am looking for statistics on intrusion attempts, especially on bogus login attempts.

OneCentOS server is experiencing about 1500 bogus login attempts every day,
to non-existent users and also to root.

What level of login attempts is being seen by others?
Posted on: 2011/11/12 22:48
Create PDF from Post Print
Top
  •  billwest
      billwest
Re: Looking for statistics on intrusion attempts
#2
Regular Board Member
Joined: 2006/11/19
From Perth, Western Australia
Posts: 122
I used to get something along those lines, until I used iptables to rate-limit the number of allowed attempts, and also used a different port (for ssh logins, which I assume are what you see).

Bill.
_________________


Local Area Network in Australia, the LAN Down Under.
Posted on: 2011/11/13 0:22
Create PDF from Post Print
Top
  •  billbruns
      billbruns
Re: Looking for statistics on intrusion attempts
#3
Newbie
Joined: 2006/2/25
From
Posts: 7
Thanks, Bill.
If I rate-limit using iptables, won't I be locked out too if someone else is exceeding the rate limit?

What I am thinking of doing is to dump all traffic from the offending IP addresses,
by harvesting those addresses from the secure log.
Posted on: 2011/11/13 3:45
Create PDF from Post Print
Top
  •  NedSlider
      NedSlider
Re: Looking for statistics on intrusion attempts
#4
Moderator
Joined: 2005/10/28
From UK
Posts: 3023
Assuming you're talking ssh, that seems very high. I typically see 3-5 attempts per day and have done so for many years.

I suggest you take a look at the following page for advice:

http://wiki.centos.org/HowTos/Network/SecuringSSH

and also take a look at the fail2ban utility which will automatically ban offending IPs after a pre-set number of failed login attempts.
_________________
CentOS - The Sysadmins Choice
ELRepo.org - The Community Enterprise Linux Repository
Posted on: 2011/11/13 5:22
Create PDF from Post Print
Top
 Top   Previous Topic   Next Topic

 

 You cannot start a new topic.
 You can view topic.
 You cannot reply to posts.
 You cannot edit your posts.
 You cannot delete your posts.
 You cannot add new polls.
 You cannot vote in polls.
 You cannot attach files to posts.
 You cannot post without approval.




"Linux" is a registered trademark of Linus Torvalds. | All other trademarks are property of their respective owners. | All other content is Copyright @ 2004-2009 by the CentOS Project or "each individual contributor (forums, comments, etc.) unless otherwise assigned".| Theme based on a theme by 7dana.com