>>> On 7/8/2015 at 02:38 PM, Rick Troth <r...@casita.net> wrote:
> If the system in question is externally facing, it's likely that you're > getting hit by a brute force attack. It is common. (Picture vagrants > walking down your street trying every door, with a ring of door keys, > just for analogy.) > > Some shops and individuals employ tools to make note of the incoming > addresses (like you suggested) of these rogue actors and block them. If > an IP address demonstrating a lot of failed logins turns out to be for > an internet cafe in Kathmandu, and the system in question does not > support business there, it's a good idea to block it. My mother-in-law's Linux system has a list of blocked IP address and ranges of IP addresses. The list in total contains 89,000+ entries. Some of those entries are entire class B subnets. Nine of them are /10 networks. Lots and lots of bad actors out there. Mark Post ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/