Re: stopping ssh attacks

To: debian-user@lists.debian.org
Subject: Re: stopping ssh attacks
From: Ugo Bellavance <ugob@camo-route.com>
Date: Thu, 16 Jun 2005 10:16:43 -0400
Message-id: <[🔎] d8s1ad$k7m$1@sea.gmane.org>
In-reply-to: <[🔎] 1118931002.17626.45.camel@localhost.localdomain>
References: <[🔎] 20050616140545.GF31281@tomass.dyndns.org> <[🔎] 1118931002.17626.45.camel@localhost.localdomain>

michael wrote:
> On Thu, 2005-06-16 at 09:05 -0500, Thomas Stivers wrote:
> 
>>I have been getting a huge number of attempts to log into my box via ssh
>>which fail with invalid username entrys in the logs. Is there already a
>>package which will let me look through the logs and dynamically add
>>iptables rules to drop anything from these scanning addresses after
>>something like 3 attempts. I know I can set up hosts.allow and
>>hosts.deny to only allow ssh in from particular ip's, but I'd rather not
>>do that. Any suggestions would be appreciated.
>>
> 
> 
> 
> I set up sshd_config to use a different port. That stopped them (for
> now...)
> 

Maybe try port knocking.  A google search should find.

Reply to:

Follow-Ups:
- Re: stopping ssh attacks
  - From: "Roberto C. Sanchez" <roberto@familiasanchez.net>

References:
- stopping ssh attacks
  - From: Thomas Stivers <stivers_t@tomass.dyndns.org>
- Re: stopping ssh attacks
  - From: michael <linux@networkingnewsletter.org.uk>

Prev by Date: Exim4: all relevant MX records point to non-existent hosts
Next by Date: fresh sarge install: no sound on nForce2?
Previous by thread: Re: stopping ssh attacks
Next by thread: Re: stopping ssh attacks
Index(es):
- Date
- Thread