Re: [opensuse] Results of moving ssh to a high port - Zero script kiddies in a 24 hour period.

* David C. Rankin <drankinatty@xxxxxxxxxxxxxxxxxx> [Nov 27. 2008 08:30]:
16:36 nirvana~/linux/boxes/bonza/log> wc -l < 20081121.log

After the change:

16:37 nirvana~/linux/boxes/bonza/log> wc -l < 20081125.log

Less than 300 entries in the logs in _total_ for an entire 24 hour period. If
you have similar issues, and your real user needs can be accommodated on a high
port, I highly recommend it.

Another approach is one I use after I found it on the DragonFlyBSD list.
Have an entry to send everything from the auth log into a seperate
program scanning for invalid user logins. If one such is
found--blacklist it. After a while it stops and you don't have to inform
all users about port number change.

Mads Martin Joergensen,
"Why make things difficult, when it is possible to make them cryptic
and totally illogical, with just a little bit more effort?"
-- A. P. J.
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx