On Thu, 21 Aug 2008, Michael Tautschnig wrote:
> > * use a Firewall to prevent other IP address to connect to your ssh
> > service. restrict just to yours (iptables script can be easy to find on
> > the web)
> Well, I should have added that my hosts must be world-wide accessible using
> password-based authentication, so this is no option.

In the long term, switch to key-based auth.

> I'm not a huge fan of security by obscurity, so I'd rather stick with 22 for
> now.

Switch to key-based auth. Brute-forcing the keys is much harder.

Meanwhile, you really should do something to reduce your attack surface, so
fail2ban and the like, plus non-standard ports are a damn good idea while
you implement the proper "fix" (drop passwords).

> What remains open is what could one do proactively? I don't really feel like
> striking back, but getting rid of the attackers would be kind of nice...

Strike against a botnet? That's a waste of effort, really, with very few
exceptions.

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh