Eric> I have an outward facing ssh box at work that is currently being
Eric> attacked. Somebody's going through a dictionary attack of
Eric> usernames; currently he or she is on abl. I can't block the IP
Eric> address because the IP is different with each username. Does
Eric> anybody have any good ideas on how to stop this? I'm probably
Eric> going to move the ssh port to some random high number to get rid
Eric> of this, but I don't know yet if anybody else ssh's in besides
Eric> me.

I've been running the 'denyhosts' python script on both Debian and FreeBSD boxes I own. I don't like moving the SSH port because that's really just security through obscurity. And if your users have good passwords, it's unlikely that a dictionary attack is going to work as well.

denyhosts works well, blocks hosts making multiple attempts, etc. It's hard to block attacks where they do one attempt per IP, but hopefully it's going to take them long enough to run a useful sweep that they won't get in.

Fail2ban looks to be another good option as well, though I haven't touched it.

John
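
The one-attempt-per-IP case discussed above, as an added example that is not part of the original message and is not the code of denyhosts or Fail2ban: a per-source failure threshold catches a noisy single host but not a sweep spread over many addresses, while an aggregate count over low-volume sources makes the sweep visible. The log lines are constructed, and the function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import Counter

# OpenSSH logs failed logins as
# "Failed password for [invalid user ]NAME from IP port N ssh2".
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample log (documentation IP ranges), not taken from the thread:
# six sources trying one username each, plus one host hammering root.
SAMPLE_LOG = "\n".join(
    [f"Jan 10 03:00:{i:02d} gw sshd[{4000 + i}]: Failed password for invalid user {u} "
     f"from 203.0.113.{i + 1} port {40000 + i} ssh2"
     for i, u in enumerate(["abe", "abel", "abi", "abl", "abner", "abo"])]
    + [f"Jan 10 03:05:{i:02d} gw sshd[5000]: Failed password for root "
       f"from 198.51.100.7 port {50000 + i} ssh2" for i in range(5)]
)

def parse_failures(log):
    """Return (username, ip) for every failed-password line in the log text."""
    return [m.groups() for m in map(FAILED.search, log.splitlines()) if m]

def per_ip_offenders(failures, threshold=3):
    """Hypothetical per-source rule: IPs with at least `threshold` failures."""
    counts = Counter(ip for _, ip in failures)
    return {ip for ip, n in counts.items() if n >= threshold}

def distributed_sweep(failures, min_sources=5, threshold=3):
    """Look only at sources below the per-IP threshold and count how many
    distinct addresses and usernames they cover between them."""
    counts = Counter(ip for _, ip in failures)
    quiet = [(user, ip) for user, ip in failures if counts[ip] < threshold]
    sources = {ip for _, ip in quiet}
    users = {user for user, _ in quiet}
    return {"sources": len(sources), "usernames": len(users),
            "sweep": len(sources) >= min_sources and len(users) >= min_sources}

if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print("caught by per-IP rule:", sorted(per_ip_offenders(failures)))
    print("aggregate view:", distributed_sweep(failures))
```
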