I was recently reading an article that indicated that there is an increase in the amount of brute force attacks against SSH.
I see a lot of computers on my network that are using SSH. I am of the opinion that if you are not a network administrator you probably should not be running any servers. What happens is “dynamic customer A” installs an SSH server on his computer and somewhere down the road forgets about it. Now, several patches have been released and months have passed. It now becomes a vulnerability to customer “A” and to the ISP that is providing the service. Along comes a naughty character who scans the network at 1 AM. Finds Customer “A” is running the long forgotten SSH server and “Brute forces” his way into the computer. Once in, he can access all the logs, set up mail servers and at the least reak havick to the client. A few days later Customer “A” is shut down by their ISP for millions of emails that have been generated from their network. Once briefed, the customer can be reinstated. and in most cases has no idea what allowed the spam to be sent through their network.
Long story short, if you are going to be playing with servers on your computer/network. Be leary about letting them be seen outside of your network.
Tags: http://asert.arbornetworks.com/2008/12/distributed-ssh-
