> Hello, > > once in a while (say, every two weeks) I get a brute-force > login/password scan attempt in my server (i.e., a single ip tries > dictionary account names and passwords at random). SSH access is > needed by many users, and (RSA/DSA key)-only access is, at present > time, unwanted. So far none such attempt was lucky (to my knowlege), > but it always gives me creeps when I see unusually big logwatch > reports, and my contacts to sysadmins of originating networks are > usually ignored. > > Any ideas? > > Maybe there is a way to temporarily block ips upon such attempts (is > this a FAQ?), or maybe divert them like what portsentry does for > portscans? >
I suggest you should use long and 'safe' passwords. It helps you a lot, but as many of people have answered about using different port and so on.. those are good ways too. - Henri Salo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
