× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I don't know of any exit points for the SSH demon. What we use is an IPS module in our firewall. It detects the attack profiles and just starts dropping the packets at the edge of our network. Our internal systems never see the attacks.

But if you cannot change or upgrade your firewall to add that capacity, I would look for exit points for the SSH demon.

Chris Bipes
Director of Information Services
CrossCheck, Inc.


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Aaron Bartell
Sent: Thursday, February 11, 2016 7:29 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Block SSH brute force

I have a machine that consistently has high CPU for SSH jobs(n3) so I set
up logging(n1) to find the culprit. Turns out China is working overtime to
get into this machine. SSH is configured to require keys and disallow
passwords (and other sshd_config settings) so I am not too concerned about
a breach(n2), but the CPU consumption is annoying.

I have a vCloud network appliance sitting in front of the IBM i and
configured a DENY rule for the specific China IP address, but at the end of
the day I still need to allow SSH from a variety of IP addresses.

Are there ways, on IBM i, to automatically blacklist IP addresses that
attempt to log in with "root"?

What do others employ to stop this in a more automatic fashion?


n1 - http://bit.ly/N1014301
n2 - with the exception of the most recent vulnerabilities

n3...
Work with Active Jobs
02/11/16
CPU %: 16.6 Elapsed time: 00:00:00 Active jobs: 205
Current
Opt Subsystem/Job User Type CPU % Function Status
QP0ZSPWP QSECOFR BCI 13.8 PGM-sshd RUN


Aaron Bartell


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.