[SLL] bad login attempts
Glenn Stone
technoshaman at liawol.org
Tue Jul 29 11:26:37 EDT 2008
On Mon, Jul 28, 2008 at 10:32:44PM -0700, Brian Lane wrote:
>Move the port that you are running openssh on to some place other than
>port 22. Problem solved without mucking with iptable settings, all these
>are scripts knocking on the door. Move the door and the logs get
>a lot less noisy.
>
>I'm not a big fan of automated responses to scanning and password
>attempts. Too many things could go wrong, like locking yourself out on
>accident (no, I haven't done that myself!).
Meh. fail2ban with a couple of well-chosen "always allow this IP" entries
(and keys so you can't fat-finger the password, as a belt-and-suspenders
approach) seems to work well enough for me. Moving the port around
is... ok... if your users are savvy enough (or your client platforms are
well-maintained/locked down enough) to handle it... but frankly, if you
present a hard target, usually the skript kiddies will look elsewhere.
That and basic philosophy (the Kantian imperative) says that if we go hide,
they will seek, but if we all simply stand there and take what they dish and
laugh in their faces, they will think it's not fun anymore and go find
another amusement. Which has been borne out by personal experience, albeit
on Port 25, not Port 22...
But that's a whole 'nother can of worms.
-- Glenn
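The trade-off discussed in this thread (automated banning versus locking yourself out) can be seen in a small model, added here as an illustration and not part of the original post or of fail2ban's own code. It borrows fail2ban's option names `ignoreip`, `maxretry` and `findtime`; the log lines, addresses and the function `decide_bans` are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's "Failed password" syslog format.
SAMPLE_LOG = """\
Jul 29 11:00:01 host sshd[411]: Failed password for root from 198.51.100.7 port 4001 ssh2
Jul 29 11:00:03 host sshd[412]: Failed password for invalid user admin from 198.51.100.7 port 4002 ssh2
Jul 29 11:00:05 host sshd[413]: Failed password for root from 198.51.100.7 port 4003 ssh2
Jul 29 11:00:10 host sshd[414]: Failed password for alice from 203.0.113.10 port 5001 ssh2
Jul 29 11:00:12 host sshd[415]: Failed password for alice from 203.0.113.10 port 5002 ssh2
Jul 29 11:00:14 host sshd[416]: Failed password for alice from 203.0.113.10 port 5003 ssh2
Jul 29 11:20:00 host sshd[417]: Failed password for root from 192.0.2.44 port 6001 ssh2
Jul 29 11:45:00 host sshd[418]: Failed password for root from 192.0.2.44 port 6002 ssh2
Jul 29 12:10:00 host sshd[419]: Failed password for root from 192.0.2.44 port 6003 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def decide_bans(log_text, ignoreip, maxretry=3, findtime=timedelta(minutes=10), year=2008):
    """Return (banned, spared): sources over the limit, split by the allowlist."""
    allow = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)          # source address -> failure times inside findtime
    banned, spared = [], []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        addr = ipaddress.ip_address(m.group(2))
        window = recent[addr]
        window.append(when)
        while when - window[0] > findtime:   # forget failures older than findtime
            window.popleft()
        if len(window) < maxretry or addr in banned or addr in spared:
            continue
        if any(addr in net for net in allow):
            spared.append(addr)              # allowlisted admin host: never banned
        else:
            banned.append(addr)
    return [str(a) for a in banned], [str(a) for a in spared]

if __name__ == "__main__":
    print(decide_bans(SAMPLE_LOG, ["127.0.0.1/8", "203.0.113.10"]))
```

Calling it with an empty `ignoreip` list bans 203.0.113.10 as well, which is the self-lock-out case; the slow source 192.0.2.44 never reaches `maxretry` inside `findtime` either way.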