Blog | G5 Cyber Security

SSH Brute Force Attacks Resurface

The attacks are brute-force attempts to authenticate to remote SSH servers, a tactic that has been used quite often in the past in distributed attacks. The attacks often come from a slew of different IP addresses and may come one right after another, with a number of attempts within a few minutes. It only takes a single user with a weak password for a foothold escalation to occur, then with that foothold escalation and further attacks are likely next. The SANS ISC recommend that organizations deploy their SSH servers on a port other than TCP 22 and disallow remote root logins as preventitive measures.

Source: https://threatpost.com/ssh-brute-force-attacks-resurface-061810/74128/

Exit mobile version