
Re: Blocking SSH attackers



Stephen R Laniel said:
> As with a lot of other people, I've noticed lots of attacks
> on SSH recently. Just yesterday, my company got 1,611 failed
> ssh logins within an hour.
> 
> Two questions, then -- one specific and one general:
> 
> 1) What do y'all use to block attackers like this? It seems
>    to me that anyone who tries to login with a nonexistent
>    login name should be blocked immediately, for at least an
>    hour. Anyone who tries to login as an account like root,
>    and fails more than once, should be similarly blocked. I
>    can imagine encoding certain 'block policies', and
>    writing something based around hosts.deny that enforces
>    it. Is there an accepted "best practice" that works like
>    this?

I just recently started using iptables to do this. It's worked really
well for me so far. See the debian-isp archive link below.

http://lists.debian.org/debian-isp/2005/10/msg00051.html


-- 

phil
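
The block policy proposed in the quoted question, applied to sshd log lines and rendered as hosts.deny entries; this is an added example, not code from either message or from the linked post. The log wording, the sample lines, the privileged-account set and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

BLOCK_FOR = timedelta(hours=1)   # "for at least an hour"
PRIVILEGED = {"root"}            # accounts "like root" (assumed set)
PRIV_FAIL_LIMIT = 1              # block once failures exceed this

# Constructed sample lines in the usual OpenSSH syslog wording.
SAMPLE_LOG = """\
Oct 12 03:14:01 host sshd[4101]: Invalid user oracle from 203.0.113.7
Oct 12 03:14:05 host sshd[4105]: Failed password for root from 198.51.100.9 port 40022 ssh2
Oct 12 03:14:09 host sshd[4109]: Failed password for alice from 192.0.2.44 port 51515 ssh2
Oct 12 03:15:30 host sshd[4130]: Failed password for root from 198.51.100.9 port 40031 ssh2
"""

# Usernames are attacker-chosen and may contain " from <ip>", so match
# greedily and anchor at end of line: only the address sshd wrote counts.
INVALID = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?$")
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (.*) from (\S+) port \d+ ssh2$")

def _valid_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def evaluate(log_text, year=2005):
    """Apply the policy; return {ip: blocked_until}. Syslog lines carry no year."""
    blocked, priv_failures = {}, {}
    for line in log_text.splitlines():
        bad, fail = INVALID.search(line), FAILED.search(line)
        ip = bad.group(1) if bad else fail.group(2) if fail else None
        if ip is None or not _valid_ip(ip):
            continue
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if fail and not bad:
            if fail.group(1) not in PRIVILEGED:
                continue
            priv_failures[ip] = priv_failures.get(ip, 0) + 1
            if priv_failures[ip] <= PRIV_FAIL_LIMIT:
                continue
        blocked[ip] = when + BLOCK_FOR
    return blocked

def hosts_deny(blocked, now):
    """hosts.deny entries for the blocks still active at `now`."""
    return [f"sshd: {ip}" for ip, until in sorted(blocked.items()) if now < until]
```

Because the block is keyed on a source address parsed from the log, the end-of-line anchoring matters: a looser pattern would let a crafted username get an unrelated address denied.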


