Yaroslav Halchenko wrote: > If you agree - close the bug. If not - bring your arguments ;-)
In my case it is a distributed DoS: [EMAIL PROTECTED]>grep "Did not receive identification string from" /var/log/auth.log /var/log/auth.log.0 | grep -v UNKNOWN | cut -f 12 -d " "| sort -u | wc -l 94 [EMAIL PROTECTED]>zgrep "Did not receive identification string from" /var/log/auth.log*gz | grep -v UNKNOWN | cut -f 12 -d " "| sort -u | wc -l 521 That's 615 different IP addresses, and really hammering badly, not counting the attepmts from UNKNOWN, and the attepmpts to exploit vulnerabilities by sending strange escape chars, I attach examples in a logfile. There should be a way, maxretry and bantime look exactly the way, to stop this without banning legitimate ssh clients. So, no, please do not close this bug, unless you ate least document how to stop this in README:Debian :) Thanks for you great job -- ยท''`. If I can't dance to it, it's not my revolution : :' : -- Emma Goldman `. `' Proudly running Debian GNU/Linux (unstable) `- www.amayita.com www.malapecora.com www.chicasduras.com
ssh_hammering.gz
Description: Binary data
