On Fri, Jan 13, 2006 at 01:37:35PM +1300, Andrew Errington wrote:
> admittedly small, traffic. Multiply this up by several attempts per day I
> end up with a measurable amount of network traffic eaten by hacking
> attempts. I'm paying for this!

It's a feature of capitalism ... :-) The ISP can get away with charging you for traffic that is, essentially, unanswered ... Telecom would love to charge you for every incoming call, even if it's not answered. Same thing.

> I suppose if I turned the port off then there would be only one attempt at
> my IP address per hacker- if they didn't get an ssh response they would
> move on.

Indeed - only one packet incoming (the SYN) and by default one in response indicating a closed port (RST), or nothing if the incoming SYN has been dropped by your firewall.

However, a rejected ssh session won't really use many packets earlier. Anyone care to observe one and report back? I'd guess about 10 packets to account for the ssh negotiation, plus 7 for set-up and tear-down ... So I guess that's a 10-fold reduction in traffic per attempt if you don't have an ssh service ...

-jim
