Threat Level: green Handler on Duty: Brad Duncan

SANS ISC InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

SSH password authentication insight and analysis by DRG

Published: 2010-09-07
Last Updated: 2010-09-07 13:59:34 UTC
by Bojan Zdrnja (Version: 1)
5 comment(s)

We've been writing about SSH brute force attempts for numerous times already. A lot of security researchers are collecting various information about such brute force attacks and numerous other tools exist that can prevent or block them.

DRG (Dragon Research Group), which is a volunteer research organization dedicated to further understanding of online criminality and to provide actionable intelligence for the benefit of the entire Internet community, last month published a very nice paper about such SSH brute force attempts. Among the other things, the paper lists a whole bunch of tools that can be used in order to limit or block SSH brute force attempts, and configuration recommendations that will help you increase security of your SSH installations. Check the paper at

Additionally, DRG is also publishing a list of IP addresses of SSH attackers that were detected on various pods DRG uses, that are spread around the world. This list is available at

DRG also created a very cool tag cloud showing most common usernames and passwords that have been tried in latest SSH brute force attacks. The cloud is available at - check it make sure there aren’t any of your passwords there :). Both the list and the cloud are updated every hour.

More information about DRG is available at and I’m sure they could use more pod runners.


Keywords: brute force drg ssh
5 comment(s)
Diary Archives