On Tuesday 13 September 2005 05:52 pm, Derek Juba wrote: > If you're only expecting users from certain IP ranges (say, your home IP > and UMD labs), blocking all other IP ranges might not be a bad idea. If > you want this to be some kind of public server, however, I agree that > blocking IP ranges probably isn't the way to go- today it's Asia, tomorrow > it's Europe... This is what strong passwords are for.
I agree, the purpose of the server has everything to do with your response to these kinds of situations. When I managed some servers in a production environment I did exactly that -- blocked entire networks from networks other than ARIN. That was because we had no users, guests, audience, etc. from those areas and they had no need to use our services anyway. I'm not sure how to implement it with ssh, but you might be able to put in a delay response time for connecting or for authenticating. That way they will at least have a harder time using up your resources. Angelo
