On Tue, 2005-09-06 at 20:16, Maciej Żenczykowski wrote: > Instead of keeping the ssh port open, use something like the following: > > -A INPUT -p tcp --dport SECRETPORT# -m recent --set > -A INPUT -p tcp --dport ssh -m state --state NEW -m recent --update > --seconds 43200 -j ACCEPT > > and then before ssh'ing in from outside telnet the SECRETPORT# on the > machine in order to open the ssh port for the next 12 hours. > Gets rid of script kiddies. Or just move the ssh port to another port number. I also got tired of all the log file activity. Moved ssh to another port and have not seen any of that traffic since then.