ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers - eviltoast

From The Hacker News

  • Daklon@beehaw.org
    1 year ago

    If I’m bruteforcing a server and each time I try a username/password my IP gets banned, but suddenly one combination allows me to do 4-5 tests (any number bigger than previously), you are potentially telling me that this user is different from the previous ones (it exists). Therefore you are making the attack easier for me, because now I know which users actually exist on the machine. It doesn’t matter if you are locking the attacker out after the password was given.

    As others told you, using public key auth, non-standard ports or even port knocking will be much more useful.
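
The side channel described in the comment above, as an added example that is not part of the original thread: a Python check a defender can run against a ban policy to see whether the number of failed logins allowed before a ban differs between existing and unknown usernames. The `BanPolicy` class, the account names, the probe names and the thresholds are all constructed for illustration.

```python
from collections import defaultdict

ACCOUNTS = {"alice", "deploy"}                      # constructed account list
PROBES = ["alice", "deploy", "nosuch1", "nosuch2"]  # constructed test usernames

class BanPolicy:
    """Hypothetical per-IP ban tracker; limit_for(user_exists) -> allowed failures."""
    def __init__(self, accounts, limit_for):
        self.accounts, self.limit_for = accounts, limit_for
        self.failures = defaultdict(int)
        self.banned = set()

    def failed_login(self, ip, user):
        """Record one failed attempt; return False once the IP is banned."""
        if ip in self.banned:
            return False
        self.failures[ip] += 1
        if self.failures[ip] >= self.limit_for(user in self.accounts):
            self.banned.add(ip)
        return ip not in self.banned

def leaky(user_exists):
    """Policy the comment warns about: real accounts get more tries."""
    return 5 if user_exists else 1

def uniform(user_exists):
    """Same limit whether or not the account exists."""
    return 3

def attempts_until_ban(limit_for, user, cap=20):
    """Failed logins one source IP gets for `user` before it is banned."""
    policy = BanPolicy(ACCOUNTS, limit_for)
    for n in range(1, cap + 1):
        if not policy.failed_login("203.0.113.7", user):  # documentation-range IP
            return n
    return cap

def leaks_account_existence(limit_for, probes=PROBES):
    """True if the attempt count before the ban differs for real vs unknown users."""
    seen = {True: set(), False: set()}
    for user in probes:
        seen[user in ACCOUNTS].add(attempts_until_ban(limit_for, user))
    return seen[True] != seen[False]

if __name__ == "__main__":
    for name, fn in (("leaky", leaky), ("uniform", uniform)):
        print(name, "leaks account existence:", leaks_account_existence(fn))
```
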