[nSLUG] Bell FibreOP port blocking
vlado at dnlp.ca
Sat Oct 10 17:44:27 ADT 2015
I still see quite a few ssh attacks. I recently checked on a server
to find out that it had an ssh attack going on from an IP number (or a
small variation of it) for the last 4 months, with almost 30,000 attempts
per day. I set iptables rules to for these IP numbers to DROP permanently
(for a while), and added the rules to drop the packets from an IP number
if too many attempts are made at SSH in a short time period. These are
actually quite nice rules that I would highly recommend.
On Sat, 10 Oct 2015, George N. White III wrote:
> On Sat, Oct 10, 2015 at 11:36 AM, Eugene Cormier <eugene.cormier at gmail.com> wrote:
> On Sat, Oct 10, 2015 at 02:26:54PM -0300, D G Teed wrote:
> > SSH is best for home servers to run on an alternate port anyway, or you will
> > have brute force attempts hammering the system 24x7.
> I put my ssh port to 443 so that I can connect from hotels and the
> Some corporate networks allow outgoing traffic on a few "standard" ports, so
> ssh may have to use 22. In my experience, the level of brute force attacks
> has gone down in recent years.
> George N. White III <aa056 at chebucto.ns.ca>
> Head of St. Margarets Bay, Nova Scotia
More information about the nSLUG