> From: martin f krafft
>
> but somehow am not comfortable to just do it, which is why I am
> asking for opinions, advice, and feedback from you guys. Would you
> be able to think of reasons why I would *not* want to do that?

I came up against the same issue some time ago and decided to move my sshd to a non-standard port. This dramatically reduced the number of log entries, and I see hardly any login attempts logged. I also updated my snort rules with the new port. This works for me.

I'm also considering setting up a specific iptables rule to log the ssh hits separately, but there aren't enough to bother with that so far.

I figure this setup eliminates the automated ssh exploits, which is the bulk of it. This won't keep some enterprising cracker from scanning for the actual port and then attempting exploits, but this should leave more evidence to the effect.

My 2 cents,
jc

--
Jeff Coppock
Systems Engineer
Diggin' Debian Admin and User
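
The following is an added example, not part of the original message: a sketch of how separately logged connection attempts could be sorted into default-port bots, scanners that went on to find the moved sshd, and direct connections. It assumes an iptables LOG rule on new inbound TCP SYNs with the hypothetical prefix `NEW-SYN: `, sshd on port 2222, and a scan threshold of three ports; none of these values come from the post.

```python
import re
from collections import defaultdict

SSH_PORT = 2222            # assumed non-standard sshd port (not given in the post)
LOG_PREFIX = "NEW-SYN: "   # assumed --log-prefix of the LOG rule
SCAN_PORTS = 3             # assumed: this many other ports probed first = a scan

# Constructed, abbreviated kernel log lines in the iptables LOG target format.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: NEW-SYN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=22 SYN
Mar  3 10:15:04 gw kernel: NEW-SYN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40118 DPT=22 SYN
Mar  3 11:02:10 gw kernel: NEW-SYN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=21 SYN
Mar  3 11:02:10 gw kernel: NEW-SYN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=23 SYN
Mar  3 11:02:11 gw kernel: NEW-SYN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=80 SYN
Mar  3 11:02:12 gw kernel: NEW-SYN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51003 DPT=2222 SYN
Mar  3 11:05:40 gw kernel: NEW-SYN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51090 DPT=2222 SYN
Mar  3 12:30:00 gw kernel: NEW-SYN: IN=eth0 OUT= SRC=198.51.100.90 DST=192.0.2.10 PROTO=TCP SPT=60222 DPT=2222 SYN
"""

FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")

def classify(log_text, ssh_port=SSH_PORT):
    """Map each source address to a label based on the ports it tried, in order."""
    tried = defaultdict(list)
    for line in log_text.splitlines():
        if LOG_PREFIX not in line:
            continue                      # not written by our LOG rule
        fields = dict(FIELD.findall(line))
        if "SRC" in fields and fields.get("DPT", "").isdigit():
            tried[fields["SRC"]].append(int(fields["DPT"]))
    labels = {}
    for src, ports in tried.items():
        if ssh_port in ports:
            # Distinct other ports probed before the first hit on the real port.
            before = set(ports[:ports.index(ssh_port)])
            scanned = len(before) >= SCAN_PORTS
            labels[src] = "scanned-then-found-ssh" if scanned else "direct-to-ssh"
        elif set(ports) == {22}:
            labels[src] = "default-port-bot"   # automated hit on the old port only
        else:
            labels[src] = "other-probe"
    return labels

if __name__ == "__main__":
    for src, label in sorted(classify(SAMPLE_LOG).items()):
        print(f"{src:15} {label}")
```
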

