[TriLUG] bad address list
Ralph Blach
chipperb at nc.rr.com
Thu Jan 28 17:20:29 EST 2010
To whom would I report the attacks.
I will change the port number.
Chip
Cristóbal Palmer wrote:
> On Thu, Jan 28, 2010 at 5:00 PM, Ralph Blach<chipperb at nc.rr.com> wrote:
>
>> Here is a bad address list of people who probe my port 22,
>>
> I appreciate your intent to be helpful, but honestly this kind of
> attack is so amazingly common, and the IPs change so amazingly
> frequently, that there are much better strategies than manually
> maintaining a list like this. Such as:
>
> 1) Be nonstandard. Don't use port 22. Startlingly few attackers
> actually scan for open ports before launching their attacks.
> 2) Use fail2ban.
> 3) Use denyhosts, which allows you (by editing a config file) to talk
> to a central server and automatically report abusive login attempts
> and download IPs doing the same to others. You can even set
> "resiliency" rules such that you only download IPs of hosts that have
> been abusing for at least 3 hours and have abused at least 4 other
> denyhosts users.
>
> There are other strategies that I'm sure others can comment on. I like
> to use both 1 and 3, and I tend to set it up so that people are only
> blocked for a couple of hours before getting purged by denyhosts.
>
> Cheers,
>
More information about the TriLUG
mailing list