From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-76172-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1JUVH7-0004aK-0T
	for garchives@archives.gentoo.org; Wed, 27 Feb 2008 23:01:21 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1A5B4E0837;
	Wed, 27 Feb 2008 23:01:19 +0000 (UTC)
Received: from mail.netspace.net.au (mail-out5.netspace.net.au [203.10.110.92])
	by pigeon.gentoo.org (Postfix) with ESMTP id BAD82E0837
	for <gentoo-user@lists.gentoo.org>; Wed, 27 Feb 2008 23:01:18 +0000 (UTC)
Received: from [172.16.0.52] (ppp246-231.static.internode.on.net [203.122.246.231])
	by mail.netspace.net.au (Postfix) with ESMTP id 947B51722CE
	for <gentoo-user@lists.gentoo.org>; Thu, 28 Feb 2008 10:01:16 +1100 (EST)
Subject: Re: [gentoo-user]  Re: SSH brute force attacks and blacklist.py
From: Iain Buchanan <iaindb@netspace.net.au>
To: gentoo-user@lists.gentoo.org
In-Reply-To: <fq4gut$3ls$1@ger.gmane.org>
References:  <47C5A316.8010303@shic.co.uk>  <fq4gut$3ls$1@ger.gmane.org>
Content-Type: text/plain
Date: Thu, 28 Feb 2008 08:31:13 +0930
Message-Id: <1204153273.7451.10.camel@orpheus>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
Mime-Version: 1.0
X-Mailer: Evolution 2.12.3 
Content-Transfer-Encoding: 7bit
X-Archives-Salt: bcd279d9-b6ff-47ba-b2c6-f2409a864a56
X-Archives-Hash: 10bcba3e7f898967b4218cbbe7a00bdb


On Wed, 2008-02-27 at 21:24 +0100, Remy Blank wrote:

>  A simple solution is to run sshd on a 
> non-standard, high-numbered port, e.g. in the 30'000. Bots only ever try 
> to connect on port 22. This will *not* improve the protection of your 
> server, but it will avoid having your logs spammed.

+1

I hosed my router, and had to go back to an old one that could only
forward port 22 to an internal machine port 22.  I got lots of brute
force attacks.  Well, most of them only tried about 5 passwords each, so
not exactly brute force...  Anyway, once I upgraded my router again and
forwarded port x0000 to port 22, I haven't seen one since.

HTH,
-- 
Iain Buchanan <iaindb at netspace dot net dot au>

Linux - because software problems should not cost money.

   -- Shlomi Fish

-- 
gentoo-user@lists.gentoo.org mailing list