MichaĆ Piotrowski wrote:
Hi,
I recetly had 30 hours of ssh brute force attack on my system. I'm
using strong passwords, but still can be geneated from /dev/random, so
I switched to rsa authentication. What's your favourite way to deal
with such attacks? Please describe pros and cons.
Regards,
Michal
Aside from not allowing password logins, I throttle them, they usually
get tired and go away to an easier target.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -m limit --limit
1/minute --limit-burst 2 -j ACCEPT
-Eric