> This must be a new record for me. Two posts in under 10 minutes. I'm sick of > getting portscanned. I have my firewall forwarding ports 80, 110, 143, 22, and > 25 to my server. Other than that, it's shutdown. However, someone (69.72.229.26) > insists on scanning and then trying to crack the server. I have an sshd log full > of this character tryin to crack using a gazillion user/pass combos. There > hasn't been a successful login from this IP yet but it is truly annoying. Is > there anything that yall do or would suggest doing when you realize someone is > trying to break into your box?
Block the ip address at the firewall. Applying the tarpit patch and tarpitting tcp connections instead of rejecting them or dropping them can help slow down scans (although the most recent windows viri/worms have many threads scanning at once so if one gets stuck, the others still run). >>>------> -- +-------------+-----------------------+---------------+ | Ed Schaller | Dark Mist Networking | psuedoshroom | +-------------+-----------------------+---------------+
signature.asc
Description: Digital signature
____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
