On Thu, 2007-10-04 at 10:12 -0400, Jacques B. wrote: > I had SSH activated for a while on a box because I needed remote > access to administer the web server (I was hosting a pretty basic site > for some elementary school kids - kid friendly links). I wrote a > couple of scripts to carve out offending traffic in my logs and tag a > standard paragraph to it advising the IP owner of malicious traffic > originating from their network. Some responded (most did) thanking me > for advising them and stating that they would look into it. Usually > another infected machine as was pointed out in this thread. Much like > if someone was able to compromise your box and then use it to initiate > attacks against other systems. Your ISP would come to you telling you > that they will take you off the grid until you correct the problem. > > Jacques B. > As an aside, I use fail2ban which allows me to set a threshold for failed SSH access (and thresholds for other services as well). Once the threshold has been reached, the firewall is reconfigured to deny access for as long as you'd like. It allowed me leave keep my SSH port for those applications that can't switch to another port and stopped every brute force attack at the same time. http://www.fail2ban.org/wiki/index.php/Main_Page You can install it with yum too: yum install fail2ban Tom -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
