3 Jan
2006
3 Jan
'06
1:44 p.m.
Jeff Vian wrote:
http://www.csc.liv.ac.uk/~greg/sshdfilter/
I use it on several servers and it works really well to detect and block attacks. With it an attempt to login with an unknown account gets instantly blocked, and with a known account (root or some other user) they only get 6 attempts before it is blocked.
That sounds worthwhile for a computer that only has SSH open to the network.
However, do be aware that this can confirm to attackers that an account is "valid", which could be useful knowledge in other attacks.
Hope this helps,
James.
--
E-mail address: james | Say it with flowers, send a triffid.
@westexe.demon.co.uk |