How to Analyzing malicious SSH login attempts and secure the system

Posted on in Categories Linux, Security last updated September 12, 2006

Using honeypot you can monitor and learn more about malicious SSH login.

From the article:
Malicious SSH login attempts have been appearing in some administrators’ logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one’s system against these attacks.

Read more at securityfocus

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

Share this on:

1 comment

  1. A honeypot isn’t even needed – an active web server with logging enabled seems to attract *plenty* of malicious login attempts. Provided the server is hardened well enough to avoid compromise, this may yield more accurate results than a honeypot that many adversaries recognize.

    Reply Report comment

Leave a Comment