On Monday 16 July 2007, G T Smith wrote: > The real problem starts when the attacker hits pay dirt, the entries I > would worry about are the ones that are not in the log.
Paydirt? You mean like guessing BOTH the account name and password? The chances of this are vanishingly slim with reasonable password scheme. Limiting source IPs is also a pretty lame option in my opinion. The reason you have ssh is so you don't have to be somewhere special to perform routine maintenance. The best option is rate limiting connections. Shorewall does this easily but I suppose the suse firewall could do it as well. -- _____________________________________ John Andersen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
