another way of protection is throttling down TCP SYN attempt rate per IP address. At least it will save you some CPU, as the SSH daemon won't have to process every request:
https://txlab.wordpress.com/2013/06/29/protecting-a-vpbx-from-dos-attacks/ On Mon, Jul 2, 2018 at 11:25 AM, Tobias Oetiker <t...@oetiker.ch> wrote: > Good Morning > > are you running an ssh daemon on non standard ports to avoid some of the > drive-by-scanning ? we have been doing that for quite some time now with > great reduction of scanning noise ... since yesterday this has changed ... > we are getting a lot of connection attempts ... > > are you seeing this too ? is someone actively looking for ssh across the > whole port range or is this 'personal' ? > > cheers > tobi > > -- > Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland > www.oetiker.ch t...@oetiker.ch +41 62 775 9902 > > > _______________________________________________ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > -- Stanislav Sinyagin Senior Consultant, CCIE #5478 ssinya...@k-open.com +41 79 407 0224 _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
