Paul Hartman wrote:

> I think using Dmitry's idea of rejecting the first 2 connections, but
> then allowing it as normal on the third attempt would satisfy your
> requirements for being on the normal port, allowing all IPs and
> requiring no special setup on the client end (other than knowing they
> have to retry twice).

Erm - surely I either need to set up my client to port-knock... which is a faff I'd rather avoid... in order to use the technique. Port knocking would be especially infuriating from trusted clients where I'd like to use standard software like WinSCP, PuTTY, Symbian PuTTY, etc.
While I recognise port knocking as a valuable strategy in some circumstances, it seems a very bad fit for my needs. GEO-IP blocking would be fairly good... if I could limit this to password authentication only - as would blacklisting known bot-net participants. While these exotic ideas are interesting - a better way to identify malicious hosts is, by far, my preferred solution.