On Fri, Jan 11 2008 at 24:11, Lars Noodén wrote:
> Kennith Mann III wrote:
> > ...
> > While moving the SSH port doesn't help much against anyone running an
> > nmap scan, it stops blind port 22 scans that run generic password
> > hacks and filling your logs with crap,
>
> Overloads help a bit:
>
> pass in on $ext_if proto tcp to ($ext_if) port ssh \
>     flags S/SA keep state (max-src-conn 4, \
>     max-src-conn-rate 2/60, overload <bruteforce> \
>     flush global)
>
> Regarding the logs, one thing that worked in the past was giving the
> netblock owner a hard time.  It's their responsibility.  It's not too
> hard to make up a shellscript (or use another scripting language) which
> automates a daily report and the complaint.

I always hesitate to use this trick. Could you please develop more the
implications of this method? Is it still effective?

Thanks!

Claer
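
The daily report mentioned in the quoted message could start from a per-source tally of failed logins like the one below. This is an added example, not part of the original thread; the function names, the threshold and the log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: per-source summary of failed SSH password attempts, as input
# for a daily report. Log lines are constructed samples in the sshd
# "Failed password" format; addresses are RFC 5737 documentation ranges.

sample_log() {
cat <<'EOF'
Jan 11 03:12:01 gw sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Jan 11 03:12:03 gw sshd[2101]: Failed password for invalid user test from 192.0.2.10 port 51234 ssh2
Jan 11 03:12:06 gw sshd[2104]: Failed password for root from 192.0.2.10 port 51240 ssh2
Jan 11 03:12:09 gw sshd[2104]: Failed password for root from 192.0.2.10 port 51240 ssh2
Jan 11 04:40:17 gw sshd[2230]: Failed password for invalid user x from 203.0.113.99 from 198.51.100.7 port 40022 ssh2
Jan 11 04:40:21 gw sshd[2230]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jan 11 09:02:44 gw sshd[2551]: Accepted publickey for ops from 203.0.113.5 port 50111 ssh2
Jan 11 11:15:30 gw sshd[2702]: Failed password for root from 203.0.113.5 port 50200 ssh2
EOF
}

# failed_by_source MIN
# Reads sshd log lines on stdin; prints "count address first - last" for every
# source with at least MIN failures, busiest first.
failed_by_source() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            # Usernames are chosen by the client and may contain " from ",
            # so take the address after the LAST "from" on the line.
            for (i = NF; i > 0; i--)
                if ($i == "from") { src = $(i + 1); break }
            if (i == 0) next
            ts = $1 " " $2 " " $3
            if (!(src in n)) first[src] = ts
            n[src]++
            last[src] = ts
        }
        END {
            for (s in n)
                if (n[s] >= min)
                    printf "%d %s %s - %s\n", n[s], s, first[s], last[s]
        }
    ' | sort -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample: sources with 2 or more failures.
sample_log | failed_by_source 2
```

On OpenBSD, sshd logs to /var/log/authlog, and `pfctl -t bruteforce -T show` lists the addresses the overload rule has placed in the table.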