Re: stopping ssh attacks
michael wrote:
> On Thu, 2005-06-16 at 09:05 -0500, Thomas Stivers wrote:
>
>>I have been getting a huge number of attempts to log into my box via ssh
>>which fail with invalid username entrys in the logs. Is there already a
>>package which will let me look through the logs and dynamically add
>>iptables rules to drop anything from these scanning addresses after
>>something like 3 attempts. I know I can set up hosts.allow and
>>hosts.deny to only allow ssh in from particular ip's, but I'd rather not
>>do that. Any suggestions would be appreciated.
>>
>
>
>
> I set up sshd_config to use a different port. That stopped them (for
> now...)
>
Maybe try port knocking. A google search should find.
Reply to: