On Monday 04 April 2011 21:08:45 David G.Miller wrote:
> Rainer Traut <tr.ml at ...> writes:
> > Hi,
> >
> > to prevent scripted dictionary attacks to sshd
> > I applied those iptables rules:
> SNIP
>
> Lots of good advice from several people. All of the suggested solutions
> mean you still have to wade through log entries from the unsuccessful
> attacks.
>
> I've been quite happy with similar IP tables rules but I moved sshd to
> listen on something other than port 22 for external connections. I
> haven't seen a single brute force attack since making the move and all
> unsuccessful attempts to login via ssh get logged so it's not like
> attackers can stay below my radar.

This does not help if you provide a public service like shared hosting. We have all of our ssh daemons listening on a different port. It was OK for a month or two... and then it became almost the same.

> It seems that the script kiddies who are responsible for most of these
> attacks don't bother scanning (nmap) before the attack. If port 22 isn't
> open they move elsewhere. If I ever see any failed login attempts I can
> assume that the perpetrator is at least a little more skilled than usual
> and possibly take additional action.
>
> Cheers,
> Dave

--
Best regards,
Marian Marinov