David G. Miller wrote:
> Rainer Traut <tr.ml at ...> writes:
>
>> Hi,
>>
>> to prevent scripted dictionary attacks to sshd
>> I applied those iptables rules:
> SNIP
>
> Lots of good advice from several people. All of the suggested solutions mean
> you still have to wade through log entries from the unsuccessful attacks.
>
> I've been quite happy with similar IP tables rules but I moved sshd to listen on
> something other than port 22 for external connections. I haven't seen a single
> brute force attack since making the move and all unsuccessful attempts to log in
> via ssh get logged so it's not like attackers can stay below my radar.
>
> It seems that the script kiddies who are responsible for most of these attacks
> don't bother scanning (nmap) before the attack. If port 22 isn't open they move
> elsewhere. If I ever see any failed login attempts I can assume that the
> perpetrator is at least a little more skilled than usual and possibly take
> additional action.
>
> Cheers,
> Dave

I use DenyHosts for my security. All attacking IPs are blocked automatically and sent to the DenyHosts database server. Those IPs, from around the world, are then shared amongst all DenyHosts users/systems, so I am already protected from IPs attacking others.

Ljubomir
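
Added example, not part of either post and not DenyHosts' own code: a minimal sketch of the log review both messages rely on, counting failed sshd password attempts per source IP and listing addresses that cross a threshold without ever logging in successfully. The log lines are constructed samples that assume OpenSSH's usual syslog wording, and the threshold of 3 and the function names are illustrative assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not real logs); addresses come from the
# RFC 5737 documentation ranges. Assumes OpenSSH's usual syslog wording.
SAMPLE_LOG = """\
Mar  3 02:11:07 host sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 02:11:09 host sshd[4121]: Failed password for invalid user test from 203.0.113.7 port 51240 ssh2
Mar  3 02:11:12 host sshd[4125]: Failed password for root from 203.0.113.7 port 51251 ssh2
Mar  3 08:40:55 host sshd[5010]: Failed password for dave from 198.51.100.20 port 40022 ssh2
Mar  3 08:41:03 host sshd[5010]: Accepted password for dave from 198.51.100.20 port 40022 ssh2
Mar  3 09:02:44 host sshd[5100]: Invalid user oracle from 192.0.2.55 port 33810
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for \S+ from (?P<ip>\S+) port \d+"
)


def failed_logins_by_ip(log_text):
    """Return a Counter of failed password attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def candidates_to_block(log_text, threshold=3):
    """IPs with at least `threshold` failures and no successful login."""
    lines = log_text.splitlines()
    ok = {m.group("ip") for m in map(ACCEPTED.search, lines) if m}
    counts = failed_logins_by_ip(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in ok)


if __name__ == "__main__":
    for ip, n in failed_logins_by_ip(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} failed attempts")
    print("candidates to block:", candidates_to_block(SAMPLE_LOG))
```

Excluding addresses that also logged in successfully keeps a legitimate user who mistyped a password from being listed.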