Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Host Blocking and Logfile Parsing



On Sat, 2007-01-20 at 11:12 +0900, Curt Sampson wrote:
> I myself don't see the security advantage of blocking IPs based on the
> ssh attacks; turn off password authentication and no password attack
> will ever succeed anyway.

Sure, but last time I was hacked it was remote php inclusion not brute
force ssh attempts, so my thinking is drop all traffic from *all*
suspicious machines. I agree that not allowing password authentication
for ssh is a good idea, but I also think blacklisting the bad guys seems
like a proactive measure as well. Now I just gotta compile a new kernel
that supports ipsets... 

Cheers,
Scott VanDusen
Tokyo
 


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links