[TAG] Re: ssh intruders
Yan-Fa Li
yanfali at best.com
Wed Sep 7 06:00:41 MSD 2005
Slightly off topic.
I realize you actually want to cause the hacker some grief, but assuming
you just wanted to get rid of the problem, you could try filtering on
source IP addresses, which is what I did. This is especially effective if you
tend to come in from specific ranges or addresses. My logging went from
dozens of entries down to legitimate traffic only. If I want to access
it from a new host, I have "trusted" third party hosts which have open
access, which I don't have to defend or see the logging for.
Another alternative approach is knockd, an implementation of a knock
knock protocol:
http://www.zeroflux.org/cgi-bin/cvstrac/knock/wiki
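
The source-address filtering described in the message above, as an added example that is not part of the original post: a script that validates an allow-list and prints the matching firewall rules for review. It assumes iptables as the packet filter and sshd on TCP port 22; the function names and the addresses (RFC 5737 documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Print iptables rules that accept SSH only from allow-listed sources and
# drop everything else aimed at port 22. Nothing is applied by this script.
# Assumption: iptables and port 22; the addresses are constructed samples.
ALLOWED_SOURCES="192.0.2.0/24 198.51.100.17"

# Return 0 only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    case "$1" in
        ""|*[!0-9./]*) return 1 ;;      # reject anything but digits . /
    esac
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then        # a prefix length was supplied
        prefix=${1#*/}
        case "$prefix" in ""|???*|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    case "$addr" in *.) return 1 ;; esac   # trailing dot splits silently
    old_ifs=$IFS; IFS=.
    set -- $addr                        # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ""|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: ssh_allowlist_rules SOURCE...
# Validates every source first, so a bad entry yields no partial rule set.
ssh_allowlist_rules() {
    for src in "$@"; do
        if ! valid_source "$src"; then
            echo "invalid source: $src" >&2
            return 1
        fi
    done
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp --dport 22 -s $src -j ACCEPT"
    done
    # Final rule: any other source reaching port 22 is dropped.
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

ssh_allowlist_rules $ALLOWED_SOURCES
```

Rule order matters: the ACCEPT lines must precede the DROP, and the address of the session used to load the rules should be on the list before they are applied.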