John Merritt wrote: > Hi, > > I get ssh connect attempts all the time, to my servers at home and at > work. I've noticed lately they come from a certain ip address, hitting > every 3 or 4 seconds, trying 50 or 100 different user names and > passwords. And I get these sweeps from 2 or 3 ip addresses a day. I > guess this is an automated attempt to guess a user/pass and break into > a system. > Everything on the internet gets them all day long. I have several dedicated servers so the attacks become weary, and the only time I have ever had a security problem was a user with a guessable password. What I do is: Install APF on every box as the first thing I do. http://www.rfxnetworks.com/apf.php #apf -a myownips disallow ssh entirely with apf by leaving port 22 out of the the ingress setting. #chkconfig apf off in the event the server hangs, I want the data center to be able to ssh to the box, so a reboot will disble apf and they will be able to access. install bfd - http://www.rfxnetworks.com/bfd.php this will also stop the attacks on any port by banning the specifics IPs that have too many failed logins. APF is wonderful, very well thought out and powerful. It's not as flexible as a firewall such as shorewall, but I feel that is overkill to protect a single online server. -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla at yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.