> I don't know how many of you have noticed this, but my mailserver has become
> the victim of what seems to be a new kind of dictionary attack.

I have not been paying much attention to your mailserver. ;-)

> Has anyone else seen this sort of thing, and what have you done to mitigate
> this?  For the record, I know about ssh keys, and it's in fact set up on
> other machines, but for various reasons, I can't enable it just yet on this
> one.

Security is always a trade-off. I've heard many reasons why keys don't
work for various situations and very few of them make any sense.
Whatever reason people say, it is really almost always a matter of very
slight inconvenience.

But ok, no keys for now...

Do you really need to allow ssh through your firewall from everywhere in
the world? Probably you don't. Allow it from where you need it and block
elsewhere.

Can you use authpf to only allow other ssh connections by authorized
IPs?

There are other ways, I'm sure. Pretty much all of the ways I like will
have one thing in common: deny all by default and allow specific
approved hosts/networks. The other way, the popular way, is to try to
put individual hosts in a blacklist for bad behavior. There are too many
script kiddies and zombie machines for that to be effective.

--
Darrin Chandler            |  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/      |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation
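
The default-deny approach described in the message above, sketched as a pf.conf fragment. This is an added example, not part of the original message or the poster's configuration. It assumes a current OpenBSD pf syntax, that SMTP is the only public service, that the addresses shown are placeholders from the documentation ranges, and, for the authpf variant, that authpf runs on a gateway in front of the protected host.

```conf
# /etc/pf.conf  (added example; every address below is a constructed placeholder)

# Sources allowed to reach sshd. Replace with the networks the machine
# is actually administered from.
table <ssh_allowed> const { 192.0.2.0/24, 198.51.100.17 }

set skip on lo

# Default deny: anything not explicitly passed below is dropped.
block in all
pass out all

# Assumption: mail is the public service, so SMTP stays open to everyone.
pass in on egress proto tcp to port smtp

# SSH only from the allow-list. Password guesses from any other address
# never reach sshd, so there is no per-host blacklist to maintain.
pass in on egress proto tcp from <ssh_allowed> to port ssh

# authpf variant (on a gateway): rules for an authenticated user are loaded
# under this anchor for as long as that user's authpf session stays open.
anchor "authpf/*"

# /etc/authpf/authpf.rules on that gateway could then contain a rule such as
# the following, where $user_ip is filled in by authpf and 203.0.113.25 is a
# placeholder for the protected host:
#   pass in quick on egress proto tcp from $user_ip to 203.0.113.25 port ssh
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and keep a console or existing session open while testing so a mistake in the allow-list does not lock you out.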
