On Wednesday 04 May 2005 3:47 pm, Jeff Vian wrote: > On Wed, 2005-05-04 at 18:23 -0700, Daniel B. Thurman wrote: > > Folks, > > > > Seems that I am getting daily brute-force ssl attacks -- > > Anything I can or should do? > > > > Here is the System Logs: > > ======================================= > > May 4 01:01:50 linux sshd[10438]: Did not receive identification string > > from ::ffff:194.65.138.98 May 4 01:04:44 linux sshd[10448]: Illegal user > > temp from ::ffff:194.65.138.98 May 4 01:04:57 linux sshd[10448]: Failed > > password for illegal user temp from ::ffff:194.65.138.98 port 52888 ssh2 > I set my firewall to block ssh from everywhere except the few places I > might use for remote access. It drastically cut down the attempts to > get in. I now only get hit from one or 2 IPs a day. What would you recommend for those of us who need to administer systems from dynamic IPs? I've got pretty tight restrictions on allowed users/groups plus no root logins. I haven't gotten broken into, but this sure is irritating. Is there more that can be done (reasonably)? Aloha -- Chris Stark Musician, Linux User, & Grad Student http://chrisstark.com/
