-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
David Thurman wrote: | On 9/19/04 1:30 PM, "martin f krafft" wrote: | | |>Other than blacklisting the IPs (which is a race I am going to |>lose), what are people doing? Are there any distinctive marks in the |>SSH login attempt that one could filter on? | | | We are using our hosts.deny files to stop all ssh attempts from ALL IP's and | then add the allowed user IP's in hosts.allow. | | We are also using a script similar to portsentry and logcheck called | logcheckplus which seems to do well, it will immediately lock out the | offending IP and notify you. It works well for dictionary attacks, ftp | kiddies and more.
Just change your sshd port and don't worry about it. :/
- -- Ryan Carter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBTt9MidqUDin6C5IRAvwwAJ4qDXiVFlte4cy3ICo7oDaUBjfkVQCeOBp6 b634sp2ObvS/2lUFgyJxFJ8= =WZvf -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
