
List:       suse-linux-e
Subject:    Re: [SLE] Multiple high port ssh connections from strange host?
From:       Per Jessen <per () computer ! org>
Date:       2006-02-06 15:45:26
Message-ID: ds7r0o$80n$2 () saturn ! local ! net

Steven T. Hatton wrote:

> I believe this indicates someone is trying to break into my system. 
> Is there a way to deal with this kind of attack? Other than turning
> off ssh, that is.

This has been discussed in the past - I've seen several different
solutions such as:

1) banning attackers by IP address after a sufficient number of failed
login attempts. Essentially scanning /var/log/messages and doing
iptables updates (or hosts.deny updates).
2) having iptables do some magic to count number of connects, and
disallowing after a threshold is reached.


/Per Jessen, Zürich


-- 
http://www.spamchek.com/ - managed anti-spam and anti-virus solution.
Let us analyse your spam- and virus-threat - up to 2 months for free.
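
An added example, not part of the original message: one way to do option 1 above (scan the log for failed sshd logins, ban a source after repeated failures). The log lines are constructed, the function names, threshold, window and allow-list are assumptions, and the iptables rules are only rendered for review, never executed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at line end: the address comes from the final "from <ip> port <n> ssh2",
# so text embedded in the attempted user name cannot be taken for the source.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(lines, threshold=3, window=timedelta(minutes=10),
              allow=("127.0.0.1",), year=2006):
    """Return IPv4 sources with >= threshold failures inside a sliding window."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue  # not a literal IPv4 address: never hand it to a firewall
        if ip in allow or ip in banned:
            continue  # never lock out allow-listed hosts; report each IP once
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # forget failures older than the window
        if len(q) >= threshold:
            banned.append(ip)
    return banned

def iptables_rules(ips):
    """Render DROP rules for review; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]

P = "gw sshd[4242]: Failed password for "
SAMPLE = [  # constructed log lines using documentation address ranges
    f"Feb  6 15:00:00 {P}root from 198.51.100.7 port 5001 ssh2",
    f"Feb  6 15:20:00 {P}root from 198.51.100.7 port 5002 ssh2",
    f"Feb  6 15:40:00 {P}root from 198.51.100.7 port 5003 ssh2",
    f"Feb  6 15:40:01 {P}root from 192.0.2.10 port 40022 ssh2",
    f"Feb  6 15:40:03 {P}invalid user admin from 192.0.2.10 port 40023 ssh2",
    f"Feb  6 15:40:05 {P}invalid user a from 203.0.113.5 from 192.0.2.10 port 40024 ssh2",
]

if __name__ == "__main__":
    print("\n".join(iptables_rules(offenders(SAMPLE))))
```

With the defaults only 192.0.2.10 is reported: the three failures from 198.51.100.7 are twenty minutes apart, and the address inside the user name on the last line is ignored.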

