[BUGS] Constant SSH login spam

Jerahmy Pocott quakenet1 at optusnet.com.au
Tue Feb 5 22:49:05 EST 2008


On 05/02/2008, at 8:32 PM, Edwin Groothuis wrote:

> On Tue, Feb 05, 2008 at 09:19:30AM +1100, Martin Barry wrote:
>> It's security by obscurity and it will only work until it gets popular and
>> then intruders will start port scanning before launching the dictionary
>> attack.
>
> It's not to make your machine more secure, it's to save yourself
> the CPU cycles by these kinds of attacks.

And not fill your security logs with tons of invalid user logins..

At home I simply firewall off port 22 and have some rules to pass only  
a select few addresses, I could use a non-standard port but I prefer  
to keep tight security on incoming connections and that works fine  
when I'm the only person connecting..

However, at other sites that's not really practical.. It's sort of
important to know if disgruntled ex-employees are trying to crack into
users' accounts or if it's just the general background noise that seems
to exist these days.. This denyhosts program seems to be a good
compromise between blocking out the noise that's wasting CPU cycles
and still keeping an eye on real threats.. The only question is, does
the program end up using more CPU cycles than the spam? =p

Cheers,
J.
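
The distinction drawn in the message above, between background noise and attempts against real accounts, as an added example that is not part of the original post and is not DenyHosts code. It assumes OpenSSH-style `Failed password` syslog lines; the sample log is constructed, the addresses are documentation ranges, and the `triage` function and its threshold of 3 are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not real data).
SAMPLE_LOG = """\
Feb  5 22:01:10 host sshd[811]: Invalid user admin from 203.0.113.7
Feb  5 22:01:12 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Feb  5 22:01:15 host sshd[815]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Feb  5 22:01:19 host sshd[819]: Failed password for invalid user oracle from 203.0.113.7 port 40131 ssh2
Feb  5 22:03:40 host sshd[902]: Failed password for alice from 198.51.100.23 port 51822 ssh2
Feb  5 22:03:44 host sshd[902]: Failed password for alice from 198.51.100.23 port 51822 ssh2
Feb  5 22:03:49 host sshd[902]: Failed password for alice from 198.51.100.23 port 51822 ssh2
Feb  5 22:10:02 host sshd[950]: Failed password for bob from 192.0.2.44 port 33900 ssh2
Feb  5 22:10:09 host sshd[950]: Accepted password for bob from 192.0.2.44 port 33900 ssh2
"""

# sshd writes "invalid user " before the name when the account does not exist.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def triage(log_text, threshold=3):
    """Split failed logins into noise (unknown accounts) and targeted (real accounts)."""
    noise = Counter()                 # ip -> failures against nonexistent users
    targeted = defaultdict(Counter)   # ip -> {existing user: failures}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        if m.group("invalid"):
            noise[m.group("ip")] += 1
        else:
            targeted[m.group("ip")][m.group("user")] += 1
    # Noise sources are candidates for automatic blocking; repeated failures
    # against an account that exists are worth a human look.
    block = sorted(ip for ip, n in noise.items() if n >= threshold)
    review = sorted((ip, user, n) for ip, users in targeted.items()
                    for user, n in users.items() if n >= threshold)
    return block, review

if __name__ == "__main__":
    block, review = triage(SAMPLE_LOG)
    print("auto-block candidates:", block)
    print("needs review:", review)
```

A single mistyped password (bob above) stays below the threshold and is reported in neither list.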

