Re: www server hit by dictionary attack - suggestions?
- From: Tony Hogarty <newsreply@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 05 Dec 2005 17:27:27 +0000
On Mon, 05 Dec 2005 15:40:07 +0000, Peter wrote:
>
> Mark McIntyre <markmcintyre@xxxxxxxxxxx> wrote:
>
>>>I am not sure how this would help. The login attempts are all to port 22
>>>which is easily detected with a quick port scan. We can't enable only
>>>specific host IPs because I could be logging in from various locations,
>>>including over GPRS, so the IP could be anything.
>>
>>Enable blocks of IPs, eg your ISP?
>
> If accessing over GPRS, the IP would be that of the GSM network provider.
> Could be anything on the day.
>
> There's a lot of stuff on google under "ssh login attack freebsd" etc. A
> fairly recent problem.

Same GSM provider or multiple? The alternative is to load hosts.deny with
a list of IP addresses from regions that are known to be troublesome. So
unless you have a specific need to allow connections from Korea, Taiwan
and China, I have a list of netblocks that you can put in hosts.deny that
will probably go a long way towards easing your problem. If you want the
list, mail me.
--
Regards
Tony
(Take out the garbage to reply)
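
Added example, not part of the original post: one way to turn a list of CIDR netblocks into hosts.deny entries for sshd, using the net/mask form from hosts_access(5), and to check that no address you still need to log in from falls inside a denied block. The sample ranges are constructed from documentation-only address space, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample input: documentation-only ranges (RFC 5737), not a real blocklist.
SAMPLE_NETBLOCKS = """\
# one CIDR block per line
192.0.2.0/25
192.0.2.128/25
198.51.100.77/24
not-a-netblock
203.0.113.0/24
"""

def parse_netblocks(text):
    """Return (networks, rejected_lines); blank lines and # comments are skipped."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False masks off stray host bits (198.51.100.77/24 -> .0/24)
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(line)
            continue
        if net.version == 4:
            nets.append(net)
        else:
            rejected.append(line)  # this sketch only renders IPv4 entries
    # Merge adjacent and overlapping blocks so the file stays short.
    return list(ipaddress.collapse_addresses(nets)), rejected

def hosts_deny_lines(nets, daemon="sshd"):
    """Render each block as 'daemon: network/netmask' for hosts.deny."""
    return [f"{daemon}: {n.network_address}/{n.netmask}" for n in nets]

def locked_out(nets, must_reach):
    """Addresses you need to log in from that a deny block would cover."""
    return [a for a in must_reach if any(ipaddress.ip_address(a) in n for n in nets)]

if __name__ == "__main__":
    nets, bad = parse_netblocks(SAMPLE_NETBLOCKS)
    print("\n".join(hosts_deny_lines(nets)))
    print("rejected:", bad)
    print("would lock out:", locked_out(nets, ["203.0.113.9", "192.0.0.8"]))
```

Review the rejected lines and the lock-out list before appending the output to hosts.deny, and keep a second login session open while testing.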