Quote:
If it gets to be a big enough problem, you could always just configure your firewall to drop all packets from those particular subnets -- that's pretty drastic, though.
Definitely a big uptick in these earlier this year due to some new kits. The try-5-accounts-and-move-on was enough but now some of them are cycling through longer lists of accounts. Makes for bloated log files. Some discussions to be found like here.
No zero-pain solution. I've always felt that black lists are a never-ending burden. Depending on the circumstances (can you know where you'll need ssh access from?) a white list may be a better answer.
_________________________
Jim
'Tis the exceptional fellow who lies awake at night thinking of his successes.
Previous Topic
Index
