On 6/10/07, Mike Bird <mgb-debian@yosemite.net> wrote:
On Sunday 10 June 2007 09:29, David Baron wrote:
Unless the neighbor kid is really stupid, the attacker is probably
operating from a foreign country via a chain of several hacked PCs.
You will most likely never know who it is. The attacker is probably
simultaneously attacking thousands of systems.
I've seen plenty, mostly from Asian countries, depending on what time of day it is.
There is (or seems to be) a dedicated effort, probably organized crime, that is bent on simultaneously attacking as many open iP addresses as they can find. Fortunately, there are methods one can take to metaphorically give the finger to these twerps. One would be to use port knocking, or port limiting, or time out rules in your iptables scripts. For instance, after so many failed attempts, the connection is throttled so the attacker cannot login anymore after so many minutes or seconds.
What really gets me is that last month I moved, and after a week of no internet, I got a second static IP address (my first one was on the net for almost 7 years). It didn't take these twerps more than a day to notice my new IP address and start trying to hack in.
If you bind ssn to localhost, doesn't that obviate the purpose of having ssh(d) running? One would think that you wanted other machines to connect to you (my main use is so I can ssh in from a remote PC at my Mom's house when I'm over there).
Anyway, the OP may want to consult this: