Lukasz Hejnak wrote:
> Well my way of solving this was to change the
default port for the ssh
> service to some high port, anyway !=22 which is the
default in most of
> the scans/attacks.
I'll second the port change approach. I started
noticing all the brute force attempts in my server's
logs many months ago and set up firewall rules using
the 'recent' module to block an IP after 3 failed SSH
connection attempts within one minute. It worked, but
I still found all the log entries annoying, so I tried
changing sshd to listen on a non-standard port. Since
then I haven't seen a single failed login attempt in
the logs, making auditing them again trivial.
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
--
http://linuxfromscratch.org/mailman/listinfo/lfs-security
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
