On Sunday 04 October 2009 09:16:32 Hans Witvliet wrote:
On Sat, 2009-10-03 at 19:28 -0500, David C. Rankin wrote:
Have you moved ssh to a high port yet? If you do, all noise on your ssh port will cease. Worth its weight in gold!
Until they do a full nmap, and decide that if it's a unix machine and port-22 is not there, it might be worthwhile scanning port 2222 or so..
It's what my cert-team calls: "security through obscurity"
Fail2ban is your friend: http://www.fail2ban.org/wiki/index.php/Main_Page

I use it to protect my home server against SSH and Apache attacks. Works like a charm and I don't have to use the "security through obscurity" approach by running my ssh daemon on a different port. Sure, it will stop scripted attacks, but it breaks rsync et al.

I used to run denyhosts before, but Fail2ban can also check for other attacks, like authentication to Apache without much configuration.

Hosts that attack me get locked out for 24 hours, which seems long enough to convince them to stay away. For real serious offenders, which come once a month or so, I permanently block them by adding them to /etc/hosts.deny.

HTH,
Joop
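The lockout behaviour described in the message above, as an added illustration that is not part of the original post and is not Fail2ban's own code: a sketch that counts failed sshd logins per source address in a sliding window and reports a 24-hour ban. The log lines are constructed, and the function name, `maxretry` and `findtime` values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (documentation-range addresses), not real data.
SAMPLE_LOG = """\
Oct  4 09:10:01 host sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Oct  4 09:10:03 host sshd[4103]: Failed password for invalid user admin from 203.0.113.5 port 40124 ssh2
Oct  4 09:10:04 host sshd[4104]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Oct  4 09:10:06 host sshd[4106]: Failed password for root from 203.0.113.5 port 40130 ssh2
Oct  4 09:30:00 host sshd[4200]: Failed password for alice from 198.51.100.7 port 51010 ssh2
""".splitlines()

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(lines, year=2009, maxretry=3,
              findtime=timedelta(minutes=10), bantime=timedelta(hours=24)):
    """Return (ip, ban_start, ban_end) for each address that reaches
    maxretry failed logins within findtime. Thresholds are assumed values."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    banned_until = {}                # ip -> end of the current ban
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                 # successful logins and other lines are ignored
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < banned_until.get(ip, datetime.min):
            continue                 # already locked out, nothing new to record
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()         # drop failures older than the window
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```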