|FROM ||Ruben Safir
|SUBJECT ||Re: [NYLXS - HANGOUT] Break In attempts on ssh
|These guys end up in my dev null routeing but two things about that one
first, comcast just pissed me off
secondly, that box is not one of my public servers. Its pressence
should be virtually unknown.
On Wed, Apr 18, 2007 at 10:48:02PM -0400, Ron Guerin wrote:
> Ruben Safir wrote:
> > failed - POSSIBLE BREAKIN ATTEMPT!
> > Apr 17 08:22:24 flatbush sshd: Invalid user temp from ::ffff:18.104.22.168
> Surely this isn't the first time you're seeing it? This stuff goes on
> all day for me, 365 days a year, except for leap years, and has for years.
> I've found it can put a noticeable drag on older systems. Fail2ban does
> a good job of dealing with this problem. More or less:
> 1. Bad guy pounds your sshd
> 2. Fail2ban blocks that IP for 5 minutes
> 3. Fail2ban unblocks that IP after 5 minutes
> 4. Bad guy's bot has moved on.
> - Ron
http://www.mrbrklyn.com - Interesting Stuff
http://www.nylxs.com - Leadership Development in Free Software
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://fairuse.nylxs.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
"Yeah - I write Free Software...so SUE ME"
"The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society."
"> I'm an engineer. I choose the best tool for the job, politics be damned.<
You must be a stupid engineer then, because politcs and technology have been attacted at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one."