Quote:
I've always felt that black lists are a never-ending burden.

I've got half a dozen netblocks blacklisted for ssh to my little home server, which has drastically reduced this sort of thing for me. I also have a state limit set of 1 session per source IP for ssh, so connections after the first get blocked for a few seconds until the rule drops from the state table. That may help a lot against dictionary attacks if you can configure your firewall in a similar way. If the bad guys can only try one connection every 10 seconds, they may be inclined to move on to another target.

-Mike
_________________________
EmpMenuX - ext3 filesystem - Empeg iTunes integration
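
One way to express the setup described in the post above, added here as an example and not taken from the poster's own configuration. The post does not name the firewall, so this assumes pf (OpenBSD/FreeBSD); the interface name and the netblocks (documentation ranges) are constructed placeholders.

```pf
# pf.conf fragment (assumed firewall: pf; the post does not say which one is used)

# Assumed external interface name; replace with the real one.
ext_if = "em0"

# Blacklisted netblocks for ssh. These are RFC 5737 documentation ranges
# used as placeholders, not the poster's actual list.
table <ssh_blocked> persist { 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 }

# Default-deny inbound so that only the pass rule below admits ssh.
block in on $ext_if

# Drop ssh from blacklisted netblocks before any pass rule is evaluated.
block drop in quick on $ext_if proto tcp from <ssh_blocked> to any port ssh

# Allow ssh, but let each source IP hold at most one state entry for this
# rule. A second connection from the same address is dropped until the
# first state entry has been removed from the state table.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state (max-src-states 1)
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and `pfctl -t ssh_blocked -T show` lists the table contents once it is loaded.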