From: "Les Mikesell" <lesmikesell@xxxxxxxxx>
Tom Rivers wrote:
On Sat, 2007-05-26 at 13:16 -0700, Wolfgang S. Rupprecht wrote:
Such programs help you save the CPU time of sshd answering the
connection from a single abusive host, but would do little against a
distributed botnet attack. Luckily botnets aren't really used against
sshd yet, but it they were you'd potentially be seeing distributed
guessing attacks from 10,000 different hosts. If they all took turns
to guess a single password in round-robin fashion, the filters would
never trip.
You're right. What do you recommend to protect against this sort of
attack?
Don't make a lot of enemies???
More like, "don't look like a very juicy target."
A tarpit machine with a redirection based on recent might be a really
fun trick if you want some entertainment.
{^_-}