defence in depth: They know that a system running ssh resides at this address so they can move onto probing for other weaknesses, you have already identified them as probing for a known vulnerability - so why take a chance that the next probe they do will hit on an unpatched, unknown hole? And as far as ssh goes, if they can try one password, they can try more and may get "lucky".
They have been identified, dont let them keep on trying each door handle or window looking for any left unlocked. Lastly, are you absolutely, without qualification sure that you, or another user has not (even accidentally) run an app that is leaving the system vulnerable, that all passwords are 100% secure and unguessable, or that you have patched all known or *unknown* holes ... I thought not! BillK On Mon, 2005-10-10 at 12:55 +0800, Taka John Brunkhorst wrote: > nice but why do we need to block them? > ssh worms? or just lamers? > > -- > [EMAIL PROTECTED] > Taka John Brunkhorst -- [email protected] mailing list
