Re: ssh scans
On Mon, Oct 26, 2009 at 12:42 PM, David Wetzel <dave%turbocat.de@localhost> wrote:
> I am seeing a lot of ssh scans and I am wondering if somebody has a solution
> like adding the bad hosts temporarily to pf.conf or so?
> see for yourself:
> cat /var/log/authlog | grep -i failed | grep user | sed "s/.*from\ //g" |
> sed "s/ port .*//g" | sort | uniq -c
Whenever you say something like this, you should always include:
And this is why I can't just change the port to some other port number:
Because that eliminates about 99.9% of this problem. Dealing with the
other .1% is still probably worthwhile, though.
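
Added example, not part of the original message: a sturdier version of the counting pipeline quoted above, which lists only the sources at or over a failure threshold. It goes slightly beyond the quoted command by counting every failed sshd login rather than only lines containing "user"; the function names, threshold and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads authlog-style lines on stdin and prints
# "<count> <address>" for every source with at least $1 failed sshd logins
# (default 3), highest count first.
failed_ssh_sources() {
    awk -v min="${1:-3}" '
        /sshd\[[0-9]+\]: Failed / {
            # The user name is remote-supplied text and may itself contain
            # "from", so take the field after the LAST "from" (the greedy
            # sed in the quoted pipeline has the same effect).
            addr = ""
            for (i = 1; i < NF; i++)
                if ($i == "from") addr = $(i + 1)
            # Keep only IPv4/IPv6 literals; anything else is skipped.
            if (addr ~ /^[0-9A-Fa-f:.]+$/) hits[addr]++
        }
        END {
            for (a in hits)
                if (hits[a] >= min) print hits[a], a
        }
    ' | sort -rn
}

# Constructed sample log (documentation addresses, not real hosts).
sample_authlog() {
    cat <<'EOF'
Oct 26 12:00:01 gw sshd[311]: Failed password for invalid user admin from 203.0.113.5 port 40100 ssh2
Oct 26 12:00:03 gw sshd[311]: Failed password for invalid user test from 203.0.113.5 port 40101 ssh2
Oct 26 12:00:05 gw sshd[312]: Failed password for root from 203.0.113.5 port 40102 ssh2
Oct 26 12:00:07 gw sshd[313]: Failed password for invalid user from from 203.0.113.5 port 40103 ssh2
Oct 26 12:01:10 gw sshd[320]: Failed password for invalid user oracle from 198.51.100.7 port 51000 ssh2
Oct 26 12:01:12 gw sshd[320]: Failed password for invalid user guest from 198.51.100.7 port 51001 ssh2
Oct 26 12:01:14 gw sshd[321]: Failed password for root from 198.51.100.7 port 51002 ssh2
Oct 26 12:02:00 gw sshd[330]: Failed password for invalid user www from 192.0.2.9 port 60000 ssh2
Oct 26 12:03:00 gw sshd[340]: Accepted publickey for dave from 192.0.2.20 port 52000 ssh2
EOF
}

# Show the sources with three or more failures in the sample.
sample_authlog | failed_ssh_sources 3
```

Feeding the second column to `pfctl -t <table> -T add <address>` is one way to act on the result; the table name and a matching block rule in pf.conf depend on the reader's own setup.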