On Wed, 2004-10-27 at 11:09, Andrey Andreev wrote:
> Scot L. Harris wrote:
> > On Wed, 2004-10-27 at 06:54, Jim Higson wrote:
> >
> >>>Good points James...you missed one though... port 22. I see more attempts
> >
> > Brute force login attempts against ssh can work if given enough time
>
> How about setting portsentry to block IPs (temporarily) after 10 or so
> attempts? Can it do that (I kind of think so)?

So you slow down the brute force attack. If you block it permanently you set yourself up to a DOS attack, just hit the system multiple times using spoofed addresses until you have blocked a significant range of addresses, or at least critical ones (such as DNS servers).

Given enough time brute force attempts will work. Period.

-- 
Scot L. Harris
webid@xxxxxxxxxx

While you're chewing, think of STEVEN SPIELBERG'S bank account ... his will have the same effect as two "STARCH BLOCKERS"!
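
Added example, not part of the original post and not portsentry's own configuration or behaviour: a standalone sketch of the temporary block discussed above, with bans that expire and a never-block list for critical addresses such as DNS servers. The log line format, the 60-second window, the 600-second ban, and the names TempBlocker, feed and sample_log are assumptions; the threshold of 10 comes from the thread.

```python
import re
from collections import defaultdict, deque

# Constructed line format: "<epoch> sshd[pid]: Failed password for <user> from <ip> port <n> ssh2"
FAILED = re.compile(r"^(\d+) sshd\[\d+\]: Failed password for .+ from (\d+\.\d+\.\d+\.\d+) port")

class TempBlocker:
    def __init__(self, threshold=10, window=60, ban_seconds=600, never_block=()):
        self.threshold, self.window, self.ban_seconds = threshold, window, ban_seconds
        self.never_block = set(never_block)   # critical addresses, e.g. DNS servers
        self.failures = defaultdict(deque)    # ip -> timestamps of recent failures
        self.banned_until = {}                # ip -> time at which the ban lapses

    def is_blocked(self, ip, now):
        expiry = self.banned_until.get(ip)
        if expiry is not None and now >= expiry:
            del self.banned_until[ip]         # temporary ban has run out
            return False
        return expiry is not None

    def feed(self, line):
        """Process one log line; return the IP if this line triggers a new ban."""
        m = FAILED.match(line)
        if not m:
            return None
        ts, ip = int(m.group(1)), m.group(2)
        if ip in self.never_block or self.is_blocked(ip, ts):
            return None
        recent = self.failures[ip]
        recent.append(ts)
        while recent and recent[0] <= ts - self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.threshold:
            self.banned_until[ip] = ts + self.ban_seconds
            recent.clear()
            return ip
        return None

def sample_log():
    # Constructed sample: 12 failures each from an ordinary address and from
    # an address on the never-block list (the post's DNS-server case).
    lines = []
    for i in range(12):
        for ip in ("203.0.113.5", "192.0.2.53"):
            lines.append(f"{1000 + i} sshd[4211]: Failed password for root from {ip} port 40000 ssh2")
    return lines

if __name__ == "__main__":
    blocker = TempBlocker(never_block={"192.0.2.53"})
    print([ip for ip in map(blocker.feed, sample_log()) if ip])
```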