
Re: Debian SSH server configuration



On Wed, Apr 26, 2006 at 05:13:42PM -0400, Ralph Katz wrote:
> You wrote:
> > A quick check of my system log shows 1514 failed ssh attempts in the
> > last four days.
> 
> That almost goes away with fail2ban.  Works with sarge, too (though I
> haven't yet upgraded from fail2ban 0.6.0-3).
> 
> Regards,
> Ralph

Yeah, but as alluded to by the post I was replying to - letting the
black hat know that he/she is wasting their time on a well-protected
machine just lets them move on to a less well-protected one.

If you really want to inconvenience an attacker, the best approach IMHO
would be to cause all login attempts from the problem IP to be failed
in a way that continues to look like simple incorrect passwords, with
delays thrown in. That way you waste the attacker's time and prevent
them loading your server too much.

Of course if I really had some time to kill, it would be fun to just
let them into a sandbox thinking they had gotten into some really
juicy target, and then play with them for a while...

Regards,
DigbyT
-- 
Digby R. S. Tarvin                                          digbyt(at)digbyt.com
http://www.digbyt.com
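
The counting step behind fail2ban-style tools, combined with the delay idea from the message above, as an added example that is not part of the original post or of fail2ban's code. The log lines are constructed, and `threshold`, `window`, `base` and `cap` are hypothetical policy parameters; the code only computes the delay schedule per source IP and does not enforce it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format; host, users and IPs are made up.
SAMPLE_LOG = """\
Apr 26 17:00:01 host sshd[1201]: Failed password for root from 192.0.2.10 port 40001 ssh2
Apr 26 17:00:03 host sshd[1202]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Apr 26 17:00:05 host sshd[1203]: Failed password for root from 192.0.2.10 port 40003 ssh2
Apr 26 17:00:09 host sshd[1204]: Failed password for invalid user test from 192.0.2.10 port 40004 ssh2
Apr 26 17:02:00 host sshd[1210]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Apr 26 17:02:30 host sshd[1211]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Apr 26 17:30:00 host sshd[1300]: Failed password for root from 192.0.2.10 port 40100 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def parse_failures(log_text, year=2006):
    """Yield (timestamp, source_ip) for each failed-password line.
    Syslog timestamps carry no year, so one is assumed."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def tarpit_delays(log_text, threshold=3, window=timedelta(minutes=10),
                  base=2.0, cap=30.0):
    """Return (ip, failures_in_window, delay_seconds) for each failed attempt.
    Below the threshold the delay is 0; from the threshold on it doubles per
    extra failure, up to cap. Only the delay varies, never the reply."""
    recent = defaultdict(deque)
    decisions = []
    for ts, ip in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # forget failures older than the window
            q.popleft()
        n = len(q)
        delay = min(cap, base * 2 ** (n - threshold)) if n >= threshold else 0.0
        decisions.append((ip, n, delay))
    return decisions

if __name__ == "__main__":
    for ip, n, delay in tarpit_delays(SAMPLE_LOG):
        print(f"{ip:15} failures={n} delay={delay:.0f}s")
```

The single mistyped password from 198.51.100.7 gets no delay, and the last attempt from 192.0.2.10 falls outside the ten-minute window, so its count starts again at one.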


