On 9/19/04 1:30 PM, "martin f krafft" wrote: > Other than blacklisting the IPs (which is a race I am going to > lose), what are people doing? Are there any distinctive marks in the > SSH login attempt that one could filter on?
We are using our hosts.deny files to stop all ssh attempts from ALL IP's and then add the allowed user IP's in hosts.allow. We are also using a script similar to portsentry and logcheck called logcheckplus which seems to do well, it will immediately lock out the offending IP and notify you. It works well for dictionary attacks, ftp kiddies and more. -- David Thurman The Web Presence Group http://www.the-presence.com Web Development/E-Commerce/CMS/Hosting/Dedicated Servers 800-399-6441/309-679-0774 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
