Eric - one way to stop the attacks is to let them in.... Time for a honeypot! IIRC a very simple C program can keep these guys occupied for hours.. Suggestion - move your ssh access port, and run THP Tiny Honeypot Quote: Wouldn't it be nice if every single unsolicited connection attempt tied up the attacker who launched it by appearing to actually work, all the while providing a little insight into their motives and intents? thp appears to listen on all ports otherwise not in legitimate use, providing a series of phony responses to attacker commands. Some are very simple, others are somewhat more interactive. The goal isn't to fool a skilled, determined attacker...merely to cloud the playing field with tens of thousands of fake services, all without causing unreasonable stress on the thp host. * Changelog: http://www.alpinista.org/files/thp/thp-0.4.4/CHANGELOG * Download: http://www.l0t3k.net/tools/Honeypot/thp-0.4.6.tar.gz * Home: http://www.alpinista.org/ * License: GNU General Public License * MD5SUM: 227ef8a3cedb49a1c634298f71a5832b * Platform(s): Linux --