[SWLUG] Odd traffic. What is going on here?
Ed Holland
edholland at ntlworld.com
Fri May 11 23:01:40 UTC 2007
Hi,
The solution i use for this problem is a script called fail2ban, it monitors
services for failed logins and bans ips with over x failed attempts in y
minutes. It seems to work pretty well and is easy to configure. It can
monitor more than just your ssh server if you so wish as an added bonus.
http://www.fail2ban.org/wiki/index.php/Main_Page
Yours,
Ed Holland
On Friday 11 May 2007 23:46, Philip Barnes wrote:
> I do leave SSH ports open on my box, but I go for the approach of
> blocking all IPs in hosts.deny and then opening the ranges I am likely
> to need in hosts.allow.
>
> One of the ranges is my mobile operator, so I can always get in to tweak
> the ranges if I need access from somewhere I haven't thought of.
>
> Phil
> _______________________________________________
> SWLUG Discussion List - Discuss at swlug.org
> http://swlug.org/mailman/listinfo/discuss
More information about the Swlug
mailing list