Hi,

* Use a firewall to prevent other IP addresses from connecting to your ssh service; restrict it to just yours (an iptables script is easy to find on the web).
* Use Fail2ban, which can ban ssh auth failures and create iptables rules (Google can help your search about fail2ban).
* Third, use a non-standard ssh port (for example 2222).

    apt-get install fail2ban

Have a nice day,
Greg

> Hi all,
>
> since two days (approx.) I'm seeing an extremely high number of apparently coordinated (well, at least they are trying the same list of usernames) brute force attempts from IP addresses spread all over the world. I've got denyhosts and an additional iptables based firewall solution in place to mitigate these since quite some time already and this seems to do the trick in terms of blocking them fairly quickly.
>
> Nevertheless, I'd like to do something about it more proactively, so I also contact the abuse mailboxes as obtained from whois. From time to time I do even see responses stating that counter measures have been taken. In the current case, however, there rather seems to be a need for some more coordinated action instead of contacting the ISPs for each single IP -- this host might get blocked/shut down, but there is little hope of a more thorough investigation, trying to get closer to the root of these attacks.
>
> Well, probably I'm pretty naive in hoping that one could do anything about that at all, but maybe some of you are more experienced in security issues/dealing with CERTs, etc. and have some ideas what could be done.
>
> Further, what do you guys do about such attacks? Just sit back and hope they don't get hold of any passwords? Any ideas are welcome...
>
> Thanks,
> Michael
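
Added example, not part of either message above: one way to confirm from the sshd log that scattered source addresses are trying the same username list, so they can be grouped into a single abuse or CERT report. The log line format is the usual OpenSSH "Failed password" message; the sample lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSH failure line, e.g.
# "... sshd[811]: Failed password for invalid user oracle from 192.0.2.10 port 40022 ssh2"
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def users_by_ip(lines):
    """Map each source IP to the set of usernames it failed to log in as."""
    seen = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if m:
            seen[m.group(2)].add(m.group(1))
    return seen

def coordinated_groups(lines, min_users=3, min_overlap=0.5):
    """Group IPs whose tried-username sets overlap (Jaccard >= min_overlap)."""
    groups = []  # list of (reference username set, [ips])
    for ip, users in sorted(users_by_ip(lines).items()):
        if len(users) < min_users:      # too little data, e.g. a user's typo
            continue
        for ref, ips in groups:
            if len(ref & users) / len(ref | users) >= min_overlap:
                ips.append(ip)
                break
        else:                           # matched no existing group
            groups.append((users, [ip]))
    return [ips for _, ips in groups if len(ips) > 1]

# Constructed sample data (documentation address ranges), not from the thread.
def _line(user, ip):
    return (f"Oct  3 04:11:02 host sshd[811]: Failed password for "
            f"invalid user {user} from {ip} port 40022 ssh2")

SAMPLE = [_line(u, ip) for ip, names in {
    "192.0.2.10":    ["admin", "oracle", "test", "postgres"],
    "198.51.100.7":  ["admin", "oracle", "test", "postgres"],
    "203.0.113.99":  ["admin", "oracle", "test", "nagios"],
    "198.51.100.50": ["root", "guest", "ftp"],
    "192.0.2.200":   ["bob"],
}.items() for u in names]

if __name__ == "__main__":
    for ips in coordinated_groups(SAMPLE):
        print("same username list:", ", ".join(ips))
```

Raising `min_overlap` tightens the match to near-identical lists; lowering `min_users` makes single mistyped logins more likely to be grouped by accident.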