<clueless_newbie>
just out of curiosity.
Could this be an attack from some sort of botnet? would that explain the different IPs?
or is he forging packets?
</clueless_newbie>

On Tue, Sep 30, 2008 at 1:43 PM, Eric Martin <freak4uxxx@gmail.com> wrote:
I have an outward facing ssh box at work that is currently being
attacked.  somebody's going through a dictionary attack of usernames;
currently he or she is on abl.  I can't block the IP Address because the
ip is different with each username.  Does anybody have any good ideas on
how to stop this?  I'm probably going to move the ssh port to some
random high number to get rid of this, but I don't know yet if anybody
else ssh's in besides me.

Thanks in advance
--
Eric Martin
Key fingerprint = D1C4 086E DBB5 C18E 6FDA  B215 6A25 7174 A941 3B9F


_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug