Sampsa Laine <sampsa at mac.com> writes:
On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote:
I've seen idiots attacking ... via the SSH connection,=20
=20
FWIW, I've put all my public SSH ports on non-standard port numbers. =
It's
pretty much eliminated all the attacks.
=20
I think most of these attackers are bots and script kiddies, and they =
only
try the well known ports.
=20
Bob
=20
=20
=20
I personally run sshd in pubkey auth mode only, and when I see login =
attempts, I bombard the source IP with packets using nmap. Tends to stop =
them in about 30-90 secs.
You'd still be beter off running it on a non-standard port. Also, doing
onto others as they do on to you should be reserved only for good tasks;
bombing the source is a good way to get them to really go after you and
your systems.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.