Move ssh to a non-standard port + fail2ban - best solution.

On 10 Aug 2014, at 22:20, Christopher Rogers <phi...@phiber.org> wrote:

> http://www.fail2ban.org/
>
> 2014-08-10 10:18 GMT-07:00 Jon Lewis <jle...@lewis.org>:
>
>> On Sun, 10 Aug 2014, Gabriel Marais wrote:
>>
>>> I have been receiving some major ssh brute-force attacks coming from random
>>> hosts in the 116.8.0.0 - 116.11.255.255 network. I have sent a complaint to
>>> the e-mail addresses obtained from a whois query on one of the IP Addresses.
>>>
>>> My e-mail bounced back from both recipients. One being rejected by filter
>>> and the other because the e-mail address doesn't exist. I would have
>>> thought that contact details are rather important to be up to date, or not?
>>
>> Why?
>>
>>> Besides just blocking the IP range on my firewall, I was wondering what
>>> others would do in this case?
>>
>> I've been blocking SSH from random IPs for many years. Unless you have to
>> run an open system that customers SSH into (unlikely in these times), my
>> recommendation is block SSH entirely from non-trusted networks and set up
>> some form of port-knocking or similar access controls such that legitimate
>> users can open a window to make their connection, but the rest of the world
>> never sees your sshd.
>>
>> Playing whack-a-mole with firewall or access log violations is a waste of
>> time.
>>
>> ----------------------------------------------------------------------
>>  Jon Lewis, MCP :)           |  I route
>>                              |  therefore you are
>> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
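
An added example, not part of the original thread: a simplified model of the fail2ban-style threshold (maxretry failures inside a findtime window) run over sshd log lines, counted per host and then per /14. The log lines are constructed, and the helper names (`parse`, `offenders`, `by_net14`) and the thresholds are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not from the thread). Five sources sit in
# 116.8.0.0 - 116.11.255.255 (116.8.0.0/14); 203.0.113.7 is a documentation address.
SAMPLE_LOG = """\
Aug 10 17:01:00 host sshd[101]: Failed password for root from 116.8.1.10 port 40000 ssh2
Aug 10 17:01:20 host sshd[102]: Failed password for root from 116.9.44.3 port 40001 ssh2
Aug 10 17:01:40 host sshd[103]: Failed password for invalid user admin from 116.10.7.8 port 40002 ssh2
Aug 10 17:02:00 host sshd[104]: Failed password for root from 116.11.200.5 port 40003 ssh2
Aug 10 17:02:20 host sshd[105]: Failed password for root from 116.8.99.1 port 40004 ssh2
Aug 10 17:03:00 host sshd[107]: Failed password for root from 203.0.113.7 port 40006 ssh2
Aug 10 17:03:05 host sshd[108]: Failed password for root from 203.0.113.7 port 40007 ssh2
Aug 10 17:03:10 host sshd[109]: Failed password for root from 203.0.113.7 port 40008 ssh2
Aug 10 17:20:00 host sshd[110]: Accepted publickey for ops from 198.51.100.4 port 40009 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def parse(log, year=2014):
    """Yield (timestamp, source address) for each failed password line."""
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, ipaddress.ip_address(m.group(2))

def offenders(events, key=lambda ip: ip, maxretry=3, findtime=timedelta(minutes=10)):
    """Keys that reach maxretry failures inside a sliding findtime window."""
    windows, flagged = defaultdict(deque), set()
    for ts, ip in events:
        q = windows[key(ip)]
        q.append(ts)
        while ts - q[0] > findtime:   # drop failures older than the window
            q.popleft()
        if len(q) >= maxretry:
            flagged.add(key(ip))
    return flagged

def by_net14(ip):
    return ipaddress.ip_network(f"{ip}/14", strict=False)

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print("per-host:", offenders(events))          # only the single noisy host
    print("per-/14: ", offenders(events, by_net14))  # also the distributed range
```

Sources that each fail once never reach a per-host threshold, so the per-host count only flags the single noisy address, while the /14 count flags the whole range the original poster describes.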