From: Brian J. M. <br...@in...> - 2009-11-08 13:28:26
On Sun, 2009-11-08 at 14:18 +0100, n dhert wrote:
>
> But now I see my machine is SSH Brute force attacked (someone is
> trying to login with all possible first names from the alphabet) but
> by continuously changing IP source address,

Ayup. Wave hello to the botnet network.

> so
> Limit:... does not help I guess, since this limits the number of SSH
> requests for a same IP address...
>
> In the last 3 months some 13.000 tries ("Invalid user" in
> my /var/mail/root) have been done coming from 1.750 different IP
> addresses :-((

So why not just do what the rest of us do and change the port you use
for SSH to something other than 22? Sure, it's totally
security-through-obscurity but security is never absolute. It's just
about making your premises harder to get into than your neighbour's.
Fortunately, unless you are a specific target for some reason, thieves
are lazy and will look for the lowest hanging fruit.

b.
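
The exchange above turns on the observation that a per-source limit never fires when "Invalid user" attempts are spread thinly over many addresses. The following is an added example, not part of the original message, that measures this from sshd log lines; the sample log, the thresholds and the function names are constructed for illustration.

```python
import re
from collections import Counter

# sshd "Invalid user" line; newer OpenSSH appends "port N", which this tolerates.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user (\S*) from (\S+)")

# Constructed sample (documentation address ranges), not taken from the thread.
SAMPLE_LOG = """\
Nov  8 13:01:02 host sshd[2101]: Invalid user alice from 192.0.2.10
Nov  8 13:01:09 host sshd[2104]: Invalid user bob from 198.51.100.7
Nov  8 13:01:15 host sshd[2107]: Invalid user carol from 203.0.113.44
Nov  8 13:01:21 host sshd[2110]: Invalid user dave from 192.0.2.81
Nov  8 13:01:30 host sshd[2113]: Accepted publickey for admin from 192.0.2.200 port 50022 ssh2
Nov  8 13:01:34 host sshd[2116]: Invalid user eve from 198.51.100.23
Nov  8 13:01:40 host sshd[2119]: Invalid user frank from 203.0.113.9
Nov  8 13:01:47 host sshd[2122]: Invalid user grace from 192.0.2.10
"""

def summarize(lines, per_ip_limit=3):
    """Count invalid-user attempts and how many a per-IP limit would never see."""
    per_ip = Counter()
    users = set()
    for line in lines:
        m = INVALID_USER.search(line)
        if m:
            users.add(m.group(1))
            per_ip[m.group(2)] += 1
    over_limit = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    # Attempts from sources that stay at or below the limit go unthrottled.
    missed = sum(n for n in per_ip.values() if n <= per_ip_limit)
    return {
        "attempts": sum(per_ip.values()),
        "sources": len(per_ip),
        "usernames": len(users),
        "over_limit": over_limit,
        "missed": missed,
    }

def is_distributed(summary, min_missed=6):
    """True when many attempts arrive from sources a per-IP limit does not catch."""
    return summary["missed"] >= min_missed

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines())
    print(s, "distributed:", is_distributed(s))
```
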