On Apr 9, 2005 6:43 PM, Robert Spangler <bms@xxxxxxxxxxxxxxxx> wrote:

> I will agree that for a script kiddy this will work, but for someone who is
> really trying to get in they will figure this out in a short time and then
> you are no longer protected. The best bet is to move to an unknown port.

Sorry. Not true. If it is someone who knows that your system is there, and seriously wants to get in, simply moving ports is not going to stop them. It is very easy to see which ports respond to a connection attempt, and when you find a port that responds, it is not difficult to tell that it is an SSH daemon that you connected to.

Blocking access based on IP addresses is also not perfect, because people who are intent on breaking in can simply try from another address... but then you are talking about a big waste of resources when you only get a few attempts before getting locked out.

The method mentioned above does seem to make good sense because after only a small number of unsuccessful attempts in a short time, they are automatically blocked for a time. And the number of attempts or time are configurable.

The next best thing that can be done to this is to not only block them for a period of time, but rather block them until a system administrator manually unblocks them.

--
David
Registered Linux User 383030 (since everyone else was doing it 8-)
-----------------------------------------------------------------------
There are only 10 kinds of people in this world, those who understand binary, and those who don't.
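The lockout rule discussed in the message above (a small number of failed logins inside a short window triggers a temporary block, with the option of keeping the block until an administrator lifts it), as an added example that is not part of the original thread: it applies that rule to constructed sshd log lines. The log lines, addresses, year and threshold values are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the thread): one source fails four times in seconds, the other once every fifteen minutes.
SAMPLE_LOG = """\
Apr  9 18:40:01 host sshd[2001]: Failed password for invalid user admin from 198.51.100.7 port 40101 ssh2
Apr  9 18:40:03 host sshd[2002]: Failed password for root from 198.51.100.7 port 40102 ssh2
Apr  9 18:40:04 host sshd[2003]: Failed password for root from 198.51.100.7 port 40103 ssh2
Apr  9 18:40:05 host sshd[2004]: Failed password for root from 198.51.100.7 port 40104 ssh2
Apr  9 18:40:20 host sshd[2005]: Failed password for alice from 203.0.113.5 port 50010 ssh2
Apr  9 18:55:00 host sshd[2006]: Failed password for alice from 203.0.113.5 port 50011 ssh2
Apr  9 19:10:00 host sshd[2007]: Failed password for alice from 203.0.113.5 port 50012 ssh2
"""

# Matches the syslog timestamp and the source address of a failed password login.
FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\S+) port \d+"
)

def parse_ts(stamp, year=2005):
    # syslog stamps carry no year; 2005 is assumed to match the thread's date
    return datetime.strptime(f"{year} {' '.join(stamp.split())}", "%Y %b %d %H:%M:%S")

def lockout_decisions(log_text, max_fail=3, window_s=600, ban_s=3600, permanent=False):
    """Return {ip: (ban_start, ban_end)} for each source reaching max_fail failures
    within window_s seconds; ban_end is None when only an administrator may unblock."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts, ip = parse_ts(m.group(1)), m.group(2)
        if ip in banned:
            if banned[ip][1] is None or ts < banned[ip][1]:
                continue          # still blocked: this attempt is not counted again
            del banned[ip]        # temporary ban has expired, start counting afresh
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop failures that fell out of the sliding window
        if len(q) >= max_fail:
            banned[ip] = (ts, None if permanent else ts + timedelta(seconds=ban_s))
            q.clear()
    return banned
```

With the defaults only the fast source is blocked; widening the window to an hour also catches the slow one, which is the trade-off the configurable count and time control.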