[ale] ssh brute-force

[Michael Strickland]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I leave my systems on 22 and just run fail2ban. Six failed logins and
they earn an iptables drop rule for 10 or so hours.  If they are
actually scanning then the port doesn't matter, it will still show up
as SSH if they probe it.
On 2/16/2014 2:20 PM, Edward Holcroft wrote:
> All,
> 
> I have a server that I had to open to the world for ssh. It's
> getting a lot of brute-force hits, although I've managed to bring
> it down to an "acceptable" level by using a suitable level of
> paranoia in denyhosts. Obviously I'd rather not have these hits at
> all.
> 
> I often hear the suggestion made that I should be using a
> non-standard port for ssh to reduce such attacks. I wonder though
> what the real value of this would be, since would a portscan not
> reveal the open port to would-be hackers anyway?
> 
> I've heard it said that unwanted ssh hits have been reduced to zero
> by changing the port from 22 to something else. Of course I can
> test the hypothesis by simply changing the port, but I'd like to
> hear some opinions on this question before doing so.
> 
> ed
> 
> 
> 
> _______________________________________________ Ale mailing list 
> Ale at ale.org http://mail.ale.org/mailman/listinfo/ale See JOBS,
> ANNOUNCE and SCHOOLS lists at http://mail.ale.org/mailman/listinfo
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEVAwUBUwETYE57vLMARVTwAQItMwf/W+iorr7MkT2s4uXVJOW3v1VgN07BPEnL
ttXinyiAlTWcpOAPDuyliBL91Ynx5oAOf5tj8FLGu26aFY5vuco7mXd9F7Qc3Ugx
uEnu4KRTr33RqFScK6aC2sf45IHJURC7TuWbNrajKXRuaAqbGeBkovUuWzrY7RVA
ot4tDmGBN1gGxV0lcm2XFgxQpjjAN8bwpdrP4IlIeb3dxMsB06NUkBKcSbxzGZeG
/EgpPaCLaU+pekfY+JVq5NlfpPklrejPFIhkWDP0rASP8WeHo7ozTlyyVryt29FM
5qVq/mLhMRplZ2V4+wO8elRv9gAbgNpqofTFcV61raynzfje1/1SYQ==
=pt6k
-----END PGP SIGNATURE-----

---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com