On 11/10/2010, at 3:09 PM, Ben Donohue wrote: > Thanks all, > > I'm seeing mostly brute force password attacks on ssh. > > I've also found configserver firewall... > > Anyway still looking at what is around.
I've configured my servers to only allow 3 ssh connections a minute. It stops most brute force password attacks, but not all. When they start timing out, they usually move on. Some just slow down. There's other software like fail2ban and at least one other i've forgotten the name of. They run as root, and periodically scan the logs and insert rules to block ip addresses if they have too many failed password attempts. I decided against fail2ban in favour of rate limiting ssh connections. -- http://chesterton.id.au/blog/ http://barrang.com.au/linux/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
