On Sun, 2009-11-08 at 14:18 +0100, n dhert wrote: > > But now I see my machine is SSH Brute force attacked (someone is > trying to login with all possible first names from the alphabet) but > by continously changing IP source address,
Ayup. Wave hello to the botnet network. > so > Limit:... does not help I guess, since this limits the number of SSH > requests for a same IP address... > > In the last 3 months some 13.000 tries ( "Invalid user" in > my /var/mail/root) have been done coming from 1.750 different IP > adresses :-(( So why not just do what the rest of us do and change the port you use for SSH to something other than 22. Sure, it's totally security-through-obscurity but security is never absolute. It's just about making your premises harder to get into than your neighbour's. Fortunately, unless you are a specific target for some reason, thieves are lazy and will look for the lowest hanging fruit. b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
