On Tue, Sep 13, 2005 at 05:35:01PM -0400, Michael Wasser wrote: > So the other day I was sifting through some of my linux server logs and > I discovered that someone has been trying to crack my server. I am > under the impression they are currently only trying to log in via ssh. > Here is a sample from my logs to get an idea:
Short answer: you could, but I wouldn't. long answer: If your criteria for blocking countries is that someone from there has probed you, you are going to need to block a lot more than Asia ;-( There are just simply lots and lots of compromised machines on the network, spread all over the world. It sucks, but blocking whole countries doesn't stop the problem[1]... Fun reading along this line is: http://www.honeynet.org/papers/bots/ - Rob . PS Unless they are Brazil, but hopefully no one here remembers that incident response story ;-)
