[TAG] Re: ssh intruders
yanfali at best.com
Wed Sep 7 06:00:41 MSD 2005
Slightly off topic.
I realize you actually want to cause the hacker some grief, but assuming
you just wanted to get rid of the problem you could try filtering on
Source IP addresses, what I did, this is especially effective if you
tend to come in from specific ranges or addresses. My logging went from
dozens of entries down to legitimate traffic only. If I want to access
it from a new host, I have "trusted" third party hosts which have open
access, which I don't have to defend or see the logging for.
Another alternative approach is knockd an implementation of a knock
More information about the TAG