[Tfug] Throttling SSHD
Adrian
choprboy at dakotacom.net
Wed Nov 30 11:18:06 MST 2005
On Tuesday 29 November 2005 19:43, Mike Martinet wrote:
[snip]
> This is getting out of hand!
>
> unknown (221.165.2.59): 1707 Time(s)
> root (210.219.251.113): 640 Time(s)
> unknown (210.219.251.113): 344 Time(s)
That was me.... In addition to the other posts of groups/false shells, I would
suggest disabling root access via SSH (since that is the most valuable target
that most attempts target), via "PermitRootLogin no" in the sshd_config file.
Also, some tools for banning clients:
fail2ban http://fail2ban.sourceforge.net/
denyhosts http://denyhosts.sourceforge.net/
pam_abl http://www.hexten.net/pam_abl/
sshdfilter http://www.csc.liv.ac.uk/~greg/sshdfilter/
From one of my servers logs this morning (my record so far is 5000-something
attempts from 1 host alone):
from 195.136.50.169: 2140 Time(s)
from 202.164.189.36: 2178 Time(s)
from 211.5.160.121: 2089 Time(s)
from 61.153.26.206: 6 Time(s)
Adrian
More information about the tfug
mailing list