Use port knocking. The iptables settings for port knocking are available at http://www.soloport.com/iptables.html. Other port knocking methods are available at http://www.portknocking.org
On 2/13/06, Jim Perrin jperrin@gmail.com wrote:
I have 2 questions. One, is there anything you can do to stop these attempts, other than not running ssh?
Welcome to script-kiddie 101. You can use key-based authentication instead of password-based, which will help, or you can move ssh to an alternate port. By moving ssh off port 22, you'll eliminate virtually all of these probes.
And two, do those ssh attempts every 3 or 4 seconds slow down a box, or put any strain on it?
Theoretically, it reduces it a little, but in practice, you won't/shouldn't notice the difference. The most noticeable hit is to bandwidth, but even that should be reasonably small.
--
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" Benjamin Franklin 1775
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
-- Cleber P. de Souza
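
The port knocking suggested at the top of this message, sketched with the iptables `recent` match. This is an added example, not taken from the thread or from the pages it links to. The knock ports, time windows, the `STAGE2` chain and the `KNOCK1`/`KNOCK2` list names are assumptions, and loading the output replaces the whole filter table.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# keeps SSH closed until a source IP hits two knock ports in order.
# Usage: knock_rules SSH_PORT KNOCK1 KNOCK2 STEP_SECS OPEN_SECS
knock_rules() {
    ssh_port=$1 knock1=$2 knock2=$3 step_secs=$4 open_secs=$5
    for n in "$ssh_port" "$knock1" "$knock2" "$step_secs" "$open_secs"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done
    for p in "$ssh_port" "$knock1" "$knock2"; do
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # A knock port equal to the SSH port (or to the other knock) breaks the sequence.
    if [ "$knock1" -eq "$knock2" ] || [ "$knock1" -eq "$ssh_port" ] ||
       [ "$knock2" -eq "$ssh_port" ]; then
        echo "ports must be distinct" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:STAGE2 - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Sources that completed the knock may open SSH for ${open_secs}s.
-A INPUT -p tcp --syn --dport ${ssh_port} -m recent --name KNOCK2 --rcheck --seconds ${open_secs} -j ACCEPT
# Second knock counts only if the first was seen within ${step_secs}s.
-A INPUT -p tcp --syn --dport ${knock2} -m recent --name KNOCK1 --rcheck --seconds ${step_secs} -j STAGE2
# First knock: remember the source address, answer nothing.
-A INPUT -p tcp --syn --dport ${knock1} -m recent --name KNOCK1 --set -j DROP
# STAGE2: consume the first-knock record, then mark the source as knocked.
-A STAGE2 -m recent --name KNOCK1 --remove
-A STAGE2 -m recent --name KNOCK2 --set -j DROP
COMMIT
EOF
}

# Constructed values: SSH on 22, knocks on 7000 then 8000.
# Review the output, then load it with: knock_rules 22 7000 8000 10 30 | iptables-restore
knock_rules 22 7000 8000 10 30
```

Load the ruleset from a console session first, since a mistake in the knock ports locks out remote SSH.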