You could use connection throttling; it won't eliminate them, but it will make it take longer. If you don't need ssh on that host (although you probably do; I'd be lost without it), disable it. You could bind sshd to a different port and disable port 22 (most of these attacks are automated bots). The best thing you can do is to disable root access, use difficult passwords (or better yet, use keys and disable passwords), go out of your way to make sure you don't use common names for usernames (if you can), and enforce a good password policy. Then you can do what I do when I get the output of my logs: laugh.

On 9/23/05, John Marten <[EMAIL PROTECTED]> wrote:
>
> You know what I mean? Every day I get some script kiddie, or adult
> trying to guess usernames or passwords.
> I've installed the newest version of SSH, so I'm covered there. But I
> still get a dozen or 2 of the
> "sshd Invalid user somename from ###.##.##.###"
> "input_userauth_request: ivalid user somename"
> "Failed password for invalid user somename"
> "Recieved disconnect from ###.##.##.###"
> Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
> from ###.##.##.### to any flags S/SA'
> entry in my pf.conf file. But if I had to do that for every hacker my
> pf.conf would be huge!
> There's got to be a better way, and I'm open to suggestions.
>
>
> John F. Marten III
>
> Information Technology Specialist
>
>

--
Abe Al-Saleh
And then came the Apocalypse. It actually wasn't that bad, everyone got the day off and there were barbeques all around.
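
The connection throttling suggested in the reply, done in pf itself so that pf.conf stays a fixed size however many sources show up. This is an added example, not part of the original thread; the interface name `em0`, the table name `<ssh_abuse>` and the rate limits are assumptions to adjust for the host.

```pf
# Added example, not from the thread. Assumed names and values:
# em0, <ssh_abuse>, and the limits 10 and 3/30.
ext_if = "em0"                      # assumption: external interface

# One table holds every offending address; pf fills it at run time,
# so no per-address rule is ever written into pf.conf.
table <ssh_abuse> persist

# Drop everything from addresses already in the table.
block in quick on $ext_if from <ssh_abuse>

# Allow ssh, but track each source address:
#   max-src-conn 10        at most 10 simultaneous connections per source
#   max-src-conn-rate 3/30 at most 3 new connections per 30 seconds
# A source that exceeds either limit is added to <ssh_abuse>, and
# "flush global" kills the states it already holds.
# Caveat: a legitimate client that opens many sessions quickly
# (scripted scp or rsync loops) can trip the rate limit too.
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/30, \
     overload <ssh_abuse> flush global)
```

`pfctl -t ssh_abuse -T show` lists the addresses currently blocked, and on systems whose pfctl supports it, `pfctl -t ssh_abuse -T expire 86400` run from cron removes entries older than a day.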