Hi, Another cool option is to use knock daemon. With it I have ssh access disabled and when I need to get it - I send special packet sequence and doors magicaly opens:)
> -----Original Message----- > From: Peter Colton [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 15, 2006 9:58 PM > To: debian-user@lists.debian.org > Subject: Re: Reporting brute force ssh login attempts > > On Wednesday 15 November 2006 18:51, Shri Shrikumar wrote: > > Hi All, > > > > I have a few servers on which there is a regular penetration attempts > > using brute force password guessing bots. > > > > There is little risk to the server but am getting more and more annoyed > > by this and as far as I can see am left with two options. > > > > 1. Report each ip address that does this. However, a lot of them seems > > to be from asia with no proper abuse@ address to contact. Additionally, > > this can be very time consuming. > > > > 2. Change the port number that ssh uses to something else. This has the > > annoyance that I need to pass the new port number in each time I want to > > log-in. > > > > 3. Ignore the issue. Very annoying since logwatch and logcheck > > constantly complain about it. However, I can add filters so it annoys me > > less. > > > > Is there a another option? Alternatively, is there a way of > > automatically reporting offending ip's? > > > > Any input in this matter greatly appreciated. > > > > Best Wishes, > > > > > > Shri > > Hello Shri, > > A handy tool I use to cut down on ssh brute force attacks is fail2ban : > You > can install it from backports.org. > Add the backport url to your sources.list > http://www.backports.org/dokuwiki/doku.php?id=instructions > Then after you have installed fail2ban comment out www.backports.org url in > your apt sources.list so that you will not bring in any unwanted packages in > the future. > > http://fail2ban.sourceforge.net/wiki/index.php/README > http://www.ducea.com/2006/07/03/using-fail2ban-to-block-brute-force-attacks/ > http://www.debianhelp.co.uk/fail2ban.htm > > regards > > peter colton > > > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
