[vox] [fwd] ssh "attacks" - distributed slow scans - not exactly "news", but?for the curious ...

[Wes Hardaker]

>>>>> On Mon, 1 Dec 2008 12:01:38 -0800, "Don W" <don.werve at gmail.com> said:

DW> I usually configure sshd to listen on a non-standard port, at least
DW> for any server that faces the outside world.  Doesn't do anything
DW> against a deliberate attack, but it does help in protecting against
DW> zero-day worms and such.

Another suggestion: install the "denyhosts" package which watches for
invalid logins and adds hosts to /etc/hosts.deny (which will block the
remote machine from access to anything on the system that makes use of
tcpwrappers, which is most everything these days)

-- 
"In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find."  -- Terry Pratchett