On Tue, Sep 30, 2008 at 01:43:46PM -0400, Eric Martin wrote:
I have an outward facing ssh box at work that is currently being attacked. somebody's going through a dictionary attack of usernames; currently he or she is on abl. I can't block the IP Address because the ip is different with each username. Does anybody have any good ideas on how to stop this? I'm probably going to move the ssh port to some random high number to get rid of this, but I don't know yet if anybody else ssh's in besides me.
Thanks in advance
You could always just ignore it. Especially if you turn off password authentication and require users to use SSH RSA keys. Then no matter what dictionary attack it attempted, it will never work.
I got sick of hearing my hard drive logging all the failed attempts and finally resorted to moving the SSH port. _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug Yeah, I'm only allowing PKI to authenticate via ssh. I tried to move
Chuck Anderson wrote: the port but a firewall (or two) is blocking the high level stuff so I have to trace through and see where it is. I need to document the server so I'm probably going to fix the firewall / move the port then. thanks! -- Eric Martin Key fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F