Monday, July 18, 2005

Tattle

Sodaphish.com has a nice script that attempts to automatically notify domain authorities of machines in their domain that are actively performing SSH brute-force attacks. It is a nice tool to have in your arsenal to protect your network.

Recent SSH Brute-Force Attacks

Whitedust has a good article focusing on the recent rash of brute-force attacks. The attacks haven't been an outbreak, but someone has been trying to brute-force their way into a good number of servers. The nice thing about this article is the solutions and conclusions that the authors provide. The solutions can be broken into denying root login, auditing the logs for which names are being used by the hackers, tracking down the domain authority from which an attack is being launched, and finally changing the port number that SSH uses.
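The log-auditing step can be sketched as follows. This is an added example, not code from the Whitedust article or the Sodaphish script; it assumes the common OpenSSH "Failed password for ..." syslog format, and the sample lines, the `audit` function, and the threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample sshd lines (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
Jul 18 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jul 18 03:12:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
Jul 18 03:12:05 host sshd[2105]: Failed password for illegal user test from 203.0.113.7 port 40130 ssh2
Jul 18 03:12:08 host sshd[2107]: Failed password for root from 203.0.113.7 port 40133 ssh2
Jul 18 04:40:10 host sshd[2200]: Failed password for alice from 198.51.100.20 port 51200 ssh2
Jul 18 04:40:15 host sshd[2200]: Accepted password for alice from 198.51.100.20 port 51200 ssh2
Jul 18 05:01:44 host sshd[2301]: Failed password for invalid user guest from 192.0.2.99 port 33010 ssh2
"""

# Older OpenSSH logs "illegal user", newer logs "invalid user"; accept both.
# The greedy user group is anchored to the END of the line, so a login name
# that itself contains " from 1.2.3.4 port 22" cannot spoof the source IP.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>.+) from (?P<ip>\S+) port \d+(?: ssh\d?)?$"
)

def audit(log_text, threshold=3):
    """Return (attempts per username, {source IP: {username: count}}).

    Only sources with at least `threshold` failed logins are reported;
    the threshold value is an assumption to tune for your environment.
    """
    users = Counter()
    by_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            users[m["user"]] += 1
            by_ip[m["ip"]][m["user"]] += 1
    suspects = {ip: dict(names) for ip, names in by_ip.items()
                if sum(names.values()) >= threshold}
    return users, suspects

if __name__ == "__main__":
    users, suspects = audit(SAMPLE_LOG)
    print("Most-tried names:", users.most_common(3))
    for ip, names in suspects.items():
        print(ip, "->", names)  # candidate for a report to the domain authority
```

The per-name counts show which accounts are being guessed (root usually leads, which is the case for denying root login), and the per-source list gives the addresses to look up when tracking down the responsible domain authority.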