They can try, none have succeeded so far. They're script kiddies / bots anyway. sampsa <sampsa at mac.com> mobile +44 7961 149465 On 8 Jan 2014, at 23:01, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote: Sampsa Laine <sampsa at mac.com> writes: On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote: I've seen idiots attacking ... via the SSH connection,=20 =20 FWIW, I've put all my public SSH ports on non-standard port numbers. = It's pretty much eliminated all the attacks. =20 I think most of these attackers are bots and script kiddies, and they = only try the well known ports. =20 Bob =20 =20 =20 I personally run sshd in pubkey auth mode only, and when I see login = attempts, I bombard the source IP with packets using nmap. Tends to stop = them in about 30-90 secs. You'd still be beter off running it on a non-standard port. Also, doing onto others as they do on to you should be reserved only for good tasks; bombing the source is a good way to get them to really go after you and your systems. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.