On 7/6/06, Bharj, Gagan <[EMAIL PROTECTED]> wrote:
> Our server is getting hammered on a daily basis by IPs trying to open an ssh session.
The archives contain a myriad of options to mitigate the effects of brute force attacks, etc. This topic has been (repeatedly) beaten to death on this list, including during this week. I recommend you look at the archives :)
> Currently, I'm manually putting the subnets (in a pf table) that are repeatedly trying to get in. As you can see, this list will eventually get very big and will be unmaintainable.
And it will eventually shut out valid users who happen to come in from a network that once had someone naughty on it who probed your system.

Cheers,
Rogier

--
If you don't know where you're going, any road will get you there.