On Tue, 9 Mar 2010 12:39:42 -0500 "Justin C. Sherrill" <[email protected]> wrote:
> On Tue, March 9, 2010 12:16 pm, Walter wrote: > > > I don't understand how blocking an IP that has had > > a hundred failed login attempts in the last ten > > minutes could create a DoS hole... > > I bet each firewall out there has an accompanying script to do this - it's > a common problem. There was even something with it for DragonFly: > > http://www.shiningsilence.com/dbsdlog/2005/03/04/984.html > > Moving ssh to a nonstandard port (to keep your logs clear) and using > keyfiles instead of passwords appears to be the best bet, at this point. Definitely - and for those occasions where you want to be able to access from places you don't want to put your private keys - opie. -- Steve O'Hara-Smith | Directable Mirror Arrays C:>WIN | A better way to focus the sun The computer obeys and wins. | licences available see You lose and Bill collects. | http://www.sohara.org/
