Re: stopping ssh attacks
On Thu, 2005-06-16 at 09:05 -0500, Thomas Stivers wrote:
> I have been getting a huge number of attempts to log into my box via ssh
> which fail with invalid username entrys in the logs. Is there already a
> package which will let me look through the logs and dynamically add
> iptables rules to drop anything from these scanning addresses after
> something like 3 attempts. I know I can set up hosts.allow and
> hosts.deny to only allow ssh in from particular ip's, but I'd rather not
> do that. Any suggestions would be appreciated.
>
I set up sshd_config to use a different port. That stopped them (for
now...)
--
Michael Bane
Atmospheric Physics Group
University of Manchester
Reply to: