[prev in list] [next in list] [prev in thread] [next in thread]
List: suse-linux-e
Subject: Re: [SLE] Multiple high port ssh connections from strange host?
From: Per Jessen <per () computer ! org>
Date: 2006-02-06 15:45:26
Message-ID: ds7r0o$80n$2 () saturn ! local ! net
[Download RAW message or body]
Steven T. Hatton wrote:
> I believe this indicates someone is trying to break into my system.
> Is there a way to deal with this kind of attack? Other than turning
> off ssh, that is.
This has been discussed in the past - I've seen several different
solutions such as:
1) banning attackers by IP-address after a sufficient number of failed
login attempts.. Essentially scanning /var/log/messages and doing
iptable updates (or hosts.deny updates).
2) having iptables do some magic to count number of connects, and
disallowing after a threshold is reached.
/Per Jessen, Zürich
--
http://www.spamchek.com/ - managed anti-spam and anti-virus solution.
Let us analyse your spam- and virus-threat - up to 2 months for free.
--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic