G-Stress, posted June 7, 2012

Hey guys. I just happened to witness someone trying to brute my SSH connection. I hop on the server and notice my WinSSHD event logs are notifying me like crazy of someone trying to log in with username root, but failing. I did an nslookup on the IP and this was the output:

Name: 67-23-32-241.static.cloud-ips.com
Address: 18.104.22.168

I immediately turned the port forward off, but I'm curious how a sysadmin would approach such an issue. Instead of turning off my port forward, is there a way I can, say, block an IP if it fails after so many attempts or such? Also, I'm curious how this "user" was trying to brute me using the cloud, I assume, judging from the lookup result?