Lately I've been noticing a large number of dictionary attacks against my ssh port. That port is DNAT'ed to an internal webserver that hosts a number of domains. The owners of those domains regularly login via ssh to work on their sites.
My LEAF box (an old 486 machine) sees the incoming ssh connection attempts and routes them to the webserver, which rejects them for having bad passwords. So, what is the best recommended defense? Ideally, I would like to find something like portsentry that could sit on the LEAF box, see the excessive connections from one address and automatically drop it into my shorewall blacklist. However, I'm not sure how to go about doing this, or what LEAF tools are available. Any recommendations? ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 ------------------------------------------------------------------------ leaf-user mailing list: [email protected] https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
