Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Gary Baribault (garybaribault.net)
Date: Wed Jun 23 2010 - 11:38:05 CDT
In this attack, there's no need to throttle, the attacking computers hit
it once every 15 seconds or so from many different sources. My denyhosts
is not blocking 99.999% of the attempts.
GPG Key: 0x685430d1
Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1
On 06/23/2010 12:33 PM, Cody Robertson wrote:
> On 6/23/10 4:22 AM, yersinia wrote:
>> On Thu, Jun 17, 2010 at 4:21 PM, Samuel Martín Moro <faust64gmail.com>wrote:
>>> I also don't want to change my ssh port, nor restrict incoming IPs, ... and
>>> I use keys only to log in without entering password.
>>> So you're not alone.
>>> I had my IP changed several times, my servers are only hosting personal
>>> But I'm still seeing bruteforce attemps in my logs.
>>> Here's something I use on my servers.
>>> In cron, every 5-10 minutes, that should do it.
>>> Of course, if you're running *BSD, pf is way more interesting to do that.
>>> Perhaps could be better to use something standard as fail2ban
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> If you have iptables it has ways you can do this throttle too many
> connections within a specified period. I much prefer using something
> such as this over third party software.
> I'm sure you can do this in PF however I'm not familiar with it enough
> to be certain (I'd be surprised if you couldn't however).
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/