I was checking my authlog today and noticed the following series of
brute force login attempts:

Nov  1 01:37:04 solar sshd[8173]: Failed password for root from 58.211.1.163 port 8895 ssh2
Nov  1 01:37:04 solar sshd[10692]: Received disconnect from 58.211.1.163: 11: Bye Bye
Nov  1 01:37:06 solar sshd[6273]: Failed password for root from 58.211.1.163 port 9052 ssh2
Nov  1 01:37:06 solar sshd[21047]: Received disconnect from 58.211.1.163: 11: Bye Bye

First off, login as root is disabled, so not much they can do here, but
I'd like to try and set up some kind of throttling protection for
these sorts of attacks. Unfortunately they keep changing ports, so the
traditional port 22 protection isn't going to work. I'm wondering if
there's something similar to spamd for sshd that can handle this sort of
throttling before handing off to the real server, or if sshd has some
functionality to do that on its own. Thanks ahead of time for any
suggestions.

- Onteria
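
Added example, not part of the original post: a small detector that reads authlog lines in the format shown above and flags any source address that reaches a failure threshold inside a time window. The port sshd logs after "from" is the client's ephemeral source port, so the count is keyed on the address alone; the threshold, window, year, and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the format shown in the post (lines unwrapped).
# The first three lines are from the post; the last two are made up.
SAMPLE_LOG = """\
Nov  1 01:37:04 solar sshd[8173]: Failed password for root from 58.211.1.163 port 8895 ssh2
Nov  1 01:37:04 solar sshd[10692]: Received disconnect from 58.211.1.163: 11: Bye Bye
Nov  1 01:37:06 solar sshd[6273]: Failed password for root from 58.211.1.163 port 9052 ssh2
Nov  1 01:37:08 solar sshd[6301]: Failed password for root from 58.211.1.163 port 9310 ssh2
Nov  1 01:40:00 solar sshd[6400]: Failed password for invalid user test from 192.0.2.7 port 40000 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

def find_offenders(log_text, threshold=3, window_seconds=30, year=2000):
    """Return {ip: time the threshold was first reached} for sources with at
    least `threshold` failures inside `window_seconds`. syslog omits the
    year, so `year` is an assumption supplied by the caller."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # disconnects and other sshd messages are ignored
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # Key on the address only: the logged port is the client's
        # ephemeral source port and differs on every connection.
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and m["ip"] not in offenders:
            offenders[m["ip"]] = when
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when:%b %d %H:%M:%S}")
```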
