Dave Platt schrieb:
>> Bad plan? Could quite easily turn into a DoS. > > If the reaction is to lock the account, I agree, it might > leave you prone to a denial-of-service attack. > > A better way would be to use iptables to start dropping > packets from the IP address(es) involved in the attack... this > will still allow the legitimate user of the account to access > it. TRUE. > The block-IP-address-only method won't defend effectively > against a "slow scan" botnet-based crack attempt, where each > password-guessing attempt comes from a different IP address > in the botnet. A lot of current SSH password-guess probes are > of this sort. I don't think there's any terribly good defense > against this except to select *good* passwords - e.g. 20 or more > alphanumeric characters selected by a good random-number generator. I second that. thanks klaus _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users