Tom Rivers <tom@xxxxxxxxxxxxxxxxx> writes:
> The best thing I've found to protect against brute-force SSH attacks is
> something called fail2ban:

Such programs help you save the CPU time of sshd answering the connection
from a single abusive host, but would do little against a distributed
botnet attack. Luckily botnets aren't really used against sshd yet, but if
they were you'd potentially be seeing distributed guessing attacks from
10,000 different hosts. If they all took turns to guess a single password
in round-robin fashion, the filters would never trip.

I don't know if any of the attacking hosts are cooperating, but I already
see a few time-adaptive attacks, where the attacker returns after an
increasing amount of time to try to stay under the wire.

(Right now spam pays off more, so the money is in using botnets to send
direct spam. At some point it may pay off more to use compromised sshd
hosts, so the economics may change.)

-wolfgang
-- 
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
Hints for IPv6 on FC6 http://www.wsrcc.com/wolfgang/fedora/ipv6-tunnel.html
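
The round-robin case described in the message above, as an added example that is not part of the original post: a per-source rule in the style of fail2ban's `maxretry`/`findtime` stays silent when every host guesses once, while a per-account count across all sources catches it. The log lines, thresholds and function names are constructed assumptions.

```python
# Added example: thresholds and the sample log are constructed assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines, year=2007):
    """Return sorted (timestamp, user, source_ip) tuples; syslog omits the year."""
    events = []
    for m in filter(None, map(FAILED.match, lines)):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3)))
    return sorted(events)

def per_ip_bans(events, maxretry=5, findtime=timedelta(minutes=10)):
    """Per-source rule: ban an IP with >= maxretry failures inside findtime."""
    recent, banned = defaultdict(list), set()
    for ts, _user, ip in events:
        recent[ip] = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            banned.add(ip)
    return banned

def distributed_alerts(events, min_failures=20, min_sources=10, window=timedelta(minutes=10)):
    """Aggregate rule: {account: peak distinct sources} for accounts hit from many sources."""
    recent, alerts = defaultdict(list), {}
    for ts, user, ip in events:
        recent[user] = [e for e in recent[user] if ts - e[0] <= window] + [(ts, ip)]
        sources = {src for _, src in recent[user]}
        if len(recent[user]) >= min_failures and len(sources) >= min_sources:
            alerts[user] = max(alerts.get(user, 0), len(sources))
    return alerts

def sample_log():
    """Constructed input: 40 hosts each guess 'root' once; one host hammers 'admin'."""
    base = datetime(2007, 3, 1, 2, 0, 0)
    stamp = lambda s: (base + timedelta(seconds=s)).strftime("%b %d %H:%M:%S")
    fmt = "{} host sshd[{}]: Failed password for {} from {} port 40000 ssh2"
    spread = [fmt.format(stamp(5 * i), 1000 + i, "root", f"203.0.113.{i + 1}")
              for i in range(40)]
    single = [fmt.format(stamp(2 * i), 2000 + i, "invalid user admin", "198.51.100.7")
              for i in range(6)]
    return spread + single

if __name__ == "__main__":
    events = parse(sample_log())
    print("per-IP bans:", per_ip_bans(events), "| distributed:", distributed_alerts(events))
```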