On Sun, 15 Jan 2012 12:54:51 -0500 "Walter Dnes" <waltd...@waltdnes.org> wrote:
> On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote > > > This is nothing like changing the port for SSH - a port scanner can > > figure that one out in seconds... > > A real BOFH would set up a dummy instance of sshd on the regular > port, as well as a real sshd instance on another port. The dummy > instance could be set up to always fail the login attempt, and with > special iptable rules to not clutter up your logfile. > Actually a real sysadmin[1] would run ssh standardly plus OSSEC with active rules and dynamically block our Chinese friends [1] "real sysadmin" being defined as the quintessentially lazy dude who is really not into causing himself pain or doing anything that would increase support tickets in his inbox -- Alan McKinnnon alan.mckin...@gmail.com