http://www.fail2ban.org/

2014-08-10 10:18 GMT-07:00 Jon Lewis <jle...@lewis.org>:

> On Sun, 10 Aug 2014, Gabriel Marais wrote:
>
>> I have been receiving some major ssh brute-force attacks coming from random
>> hosts in the 116.8.0.0 - 116.11.255.255 network. I have sent a complaint to
>> the e-mail addresses obtained from a whois query on one of the IP Addresses.
>>
>> My e-mail bounced back from both recipients. One being rejected by a filter
>> and the other because the e-mail address doesn't exist. I would have
>> thought that contact details are rather important to be up to date, or not?
>
> Why?
>
>> Besides just blocking the IP range on my firewall, I was wondering what
>> others would do in this case?
>
> I've been blocking SSH from random IPs for many years. Unless you have to
> run an open system that customers SSH into (unlikely in these times), my
> recommendation is block SSH entirely from non-trusted networks and set up
> some form of port-knocking or similar access controls such that legitimate
> users can open a window to make their connection, but the rest of the world
> never sees your sshd.
>
> Playing whack-a-mole with firewall or access log violations is a waste of
> time.
>
> ----------------------------------------------------------------------
> Jon Lewis, MCP :)           | I route
>                             | therefore you are
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
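
An added example, not part of the thread and not fail2ban's own code: a sketch of the sliding-window check that log-driven banning relies on, plus the collapse of the address range quoted above into a single CIDR for a firewall rule. The parameter names mirror fail2ban's `maxretry`, `findtime` and `ignoreip` options; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network, summarize_address_range

# Constructed sample sshd log lines (not taken from the thread).
SAMPLE_LOG = """\
Aug 10 09:00:01 host sshd[411]: Failed password for root from 116.10.191.5 port 4242 ssh2
Aug 10 09:00:03 host sshd[412]: Failed password for invalid user admin from 116.10.191.5 port 4243 ssh2
Aug 10 09:00:05 host sshd[413]: Failed password for root from 116.10.191.5 port 4244 ssh2
Aug 10 09:00:09 host sshd[414]: Failed password for root from 192.0.2.7 port 5050 ssh2
Aug 10 09:00:10 host sshd[415]: Failed password for bob from 10.1.2.3 port 6000 ssh2
Aug 10 09:00:11 host sshd[416]: Failed password for bob from 10.1.2.3 port 6001 ssh2
Aug 10 09:00:12 host sshd[417]: Failed password for bob from 10.1.2.3 port 6002 ssh2
Aug 10 09:30:00 host sshd[418]: Failed password for root from 192.0.2.7 port 5051 ssh2
Aug 10 09:59:00 host sshd[419]: Failed password for root from 192.0.2.7 port 5052 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def ban_candidates(log, maxretry=3, findtime=600, ignoreip=("10.0.0.0/8",), year=2014):
    """Return IPs with >= maxretry failures inside any findtime-second window."""
    trusted = [ip_network(n) for n in ignoreip]
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ip_address(m.group(2))
        if any(ip in net for net in trusted):   # never ban trusted networks
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()                    # drop failures older than findtime
        if len(window) >= maxretry and str(ip) not in banned:
            banned.append(str(ip))
    return banned

def range_to_cidrs(first, last):
    """Collapse an inclusive address range into CIDR blocks for a firewall rule."""
    return [str(n) for n in summarize_address_range(ip_address(first), ip_address(last))]

if __name__ == "__main__":
    print(ban_candidates(SAMPLE_LOG))
    print(range_to_cidrs("116.8.0.0", "116.11.255.255"))
```

The slow source at 192.0.2.7 stays under the default ten-minute window and is only caught when `findtime` is widened, which is the gap an allow-list for SSH closes without any log parsing.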