[EMAIL PROTECTED] wrote: > Hi, > >> Oct 22 20:36:13 nms sshd[90657]: Failed password for invalid user gopher >> from 77.46.152.2 port 55120 ssh2 > > user/password authentication for SSH? one way of cleaning up your > logs and killing this type of attack is to reconfigure your OpenSSH > to only allow key based logins. stopped my 10M+ logfiles straight away
An even better way is to punt the attackers to a 'silent drop' table in your firewall. Cuts your logs to nothing and keeps the kiddies wasting their time. The latest attack surge is either directed or a bit more clever, haven't seen anything on my random user DSL traps. -- // hdw _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
