6 Feb
2006
6 Feb
'06
15:45
Steven T. Hatton wrote:
I believe this indicates someone is trying to break into my system. Is there a way to deal with this kind of attack? Other than turning off ssh, that is.
This has been discussed in the past - I've seen several different solutions such as: 1) banning attackers by IP-address after a sufficient number of failed login attempts.. Essentially scanning /var/log/messages and doing iptable updates (or hosts.deny updates). 2) having iptables do some magic to count number of connects, and disallowing after a threshold is reached. /Per Jessen, Zürich -- http://www.spamchek.com/ - managed anti-spam and anti-virus solution. Let us analyse your spam- and virus-threat - up to 2 months for free.