Quando controllo il mio log, ho trovato come 15k eventi di "PAM service (sshd) ignorando i tentativi massimi; 6 > 3"
So che potrebbe essere normale e considerato un attacco Brute-Force, ma può essere classificato come tentativo DoS?
Esempio di registro:
| 8864611 | eros | 2014-08-11 18:18:38 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8865352 | eros | 2014-08-11 18:46:59 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8865364 | eros | 2014-08-11 18:47:13 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8865693 | eros | 2014-08-11 19:00:39 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8865700 | eros | 2014-08-11 19:01:55 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8865706 | eros | 2014-08-11 19:02:11 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8865716 | eros | 2014-08-11 19:02:28 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8866965 | eros | 2014-08-11 19:59:47 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8867068 | eros | 2014-08-11 20:00:18 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8896353 | eros | 2014-08-12 17:31:33 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8896363 | eros | 2014-08-12 17:31:49 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8901992 | eros | 2014-08-12 21:40:48 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8902001 | eros | 2014-08-12 21:41:03 | PAM service(sshd) ignoring max retries; 6 > 3 |
| 8902007 | eros | 2014-08-12 21:41:18 | PAM service(sshd) ignoring max retries; 6 > 3