8 Jan
2014
8 Jan
'14
9:37 p.m.
On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote:
I've seen idiots attacking ... via the SSH connection,
FWIW, I've put all my public SSH ports on non-standard port numbers. It's
pretty much eliminated all the attacks.
I think most of these attackers are bots and script kiddies, and they only
try the well known ports.
Bob
I personally run sshd in pubkey auth mode only, and when I see login attempts, I bombard
the source IP with packets using nmap. Tends to stop them in about 30-90 secs.