ich habe eine Nachfrage zu dem dropbear-Patch.
Anbei einmal die Grafik zur Auslastung meiner Box. Zu dem Zeitraum, in dem die Auslastung andauernd sehr hoch ist, finden sich im syslog folgende Informationen en masse:
.
Meine Frage dazu ist, ob der Patch eine solche Auslastung während eines Angriffs auf dropbear nicht verhindern sollte?
Anbei einmal die Grafik zur Auslastung meiner Box. Zu dem Zeitraum, in dem die Auslastung andauernd sehr hoch ist, finden sich im syslog folgende Informationen en masse:
Code:
Jun 27 03:17:01 fritz cron.err crond[1004]: USER root pid 24347 cmd telnet localhost:25
Jun 27 03:17:05 fritz authpriv.warn dropbear[24349]: login attempt for nonexistent user from 125.69.132.104:59134
Jun 27 03:17:06 fritz authpriv.info dropbear[24349]: exit before auth: Max auth tries reached - user 'is invalid' from 125.69.132.104:59134
Jun 27 03:17:09 fritz authpriv.warn dropbear[24350]: login attempt for nonexistent user from 125.69.132.104:60812
Jun 27 03:17:10 fritz authpriv.info dropbear[24350]: exit before auth: Max auth tries reached - user 'is invalid' from 125.69.132.104:60812
Jun 27 03:17:14 fritz authpriv.warn dropbear[24351]: login attempt for nonexistent user from 125.69.132.104:33996
Jun 27 03:17:14 fritz authpriv.info dropbear[24351]: exit before auth: Max auth tries reached - user 'is invalid' from 125.69.132.104:33996
Jun 27 03:17:18 fritz authpriv.warn dropbear[24366]: login attempt for nonexistent user from 125.69.132.104:35813
Jun 27 03:17:19 fritz authpriv.info dropbear[24366]: exit before auth: Max auth tries reached - user 'is invalid' from 125.69.132.104:35813
Jun 27 03:17:22 fritz authpriv.warn dropbear[24368]: login attempt for nonexistent user from 125.69.132.104:38033
Jun 27 03:17:23 fritz authpriv.info dropbear[24368]: exit before auth: Max auth tries reached - user 'is invalid' from 125.69.132.104:38033
Jun 27 03:17:27 fritz authpriv.warn dropbear[24369]: login attempt for nonexistent user from 125.69.132.104:40101
Jun 27 03:17:27 fritz authpriv.info dropbear[24369]: exit before auth: Max auth tries reached - user 'is invalid' from 125.69.132.104:40101
Jun 27 03:17:33 fritz authpriv.warn dropbear[24370]: login attempt for nonexistent user from 125.69.132.104:42306
Jun 27 03:17:33 fritz authpriv.info dropbear[24370]: exit before auth: Max auth tries reached - user 'is invalid' from 125.69.132.104:42306
Jun 27 03:17:37 fritz authpriv.warn dropbear[24371]: login attempt for nonexistent user from 125.69.132.104:44904
Jun 27 03:17:38 fritz authpriv.info dropbear[24371]: exit before auth: Max auth tries reached - user 'is invalid' from 125.69.132.104:44904
Jun 27 03:17:41 fritz authpriv.warn dropbear[24372]: login attempt for nonexistent user from 125.69.132.104:46914
Jun 27 03:17:42 fritz authpriv.info dropbear[24372]: exit before auth: Max auth tries reached - user 'is invalid' from 125.69.132.104:46914
Jun 27 03:17:46 fritz authpriv.warn dropbear[24373]: login attempt for nonexistent user from 125.69.132.104:49063
Jun 27 03:17:46 fritz authpriv.info dropbear[24373]: exit before auth: Max auth tries reached - user 'is invalid' from 125.69.132.104:49063
Meine Frage dazu ist, ob der Patch eine solche Auslastung während eines Angriffs auf dropbear nicht verhindern sollte?