Re: [opensuse] Results of moving ssh to a high port - Zero script kiddies in a 24 hour period.



* David C. Rankin <drankinatty@xxxxxxxxxxxxxxxxxx> [Nov 27. 2008 08:30]:
16:36 nirvana~/linux/boxes/bonza/log> wc -l < 20081121.log
5353

After the change:

16:37 nirvana~/linux/boxes/bonza/log> wc -l < 20081125.log
294

Less than 300 entries in the logs in _total_ for an entire 24 hour period. If
you have similar issues, and your real user needs can be accommodated on a high
port, I highly recommend it.

Another approach is one I use after I found it on the DragonFlyBSD list.
Have an entry to send everything from the auth log into a seperate
program scanning for invalid user logins. If one such is
found--blacklist it. After a while it stops and you don't have to inform
all users about port number change.

--
Mads Martin Joergensen, http://mmj.dk
"Why make things difficult, when it is possible to make them cryptic
and totally illogical, with just a little bit more effort?"
-- A. P. J.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx