[vox] [fwd] ssh "attacks" - distributed slow scans - not exactly "news", but for the curious ...

Gandalf Parker gandalf at any1can.net
Thu Dec 4 05:33:59 PST 2008


On Wed, Dec 03, 2008 at 11:37:10AM -0800, Scott Miller wrote:
> What are your thoughts on using /etc/hosts.deny to block ssh access
> from entire geographical regions? I ran across this post which is very
> curious:
> 
> http://nukecops.com/postp172318.html#172318

A buddy admin that was helping me out for a while put in some of those. He did it almost automatically and didn't even think it worth mentioning to me.

Pros and Cons. It DID cut the attacks way down. But it also created a situation later where some people on the forums I frequent were unable to get some of the support files that I placed on my site. It took me a while to realize why.

Now I removed all of those mega blocks. I only block an occasional IP. In fact, I have watched attacks that took days on my machine and have just let it run. Unless it causes me a load problem I don't block anymore. I figure they might as well waste their time on my box rather than move on to someone more vulnerable who might not watch the activity as closely.

Gandalf  Parker

