msalists at gmx.net
Tue Jan 23 10:53:35 PST 2007
> They have no chance to get in. OK, so what specific problem are you
> trying to solve, again? And what exactly makes IP/port filtering
> ("firewalls") an appropriate tool for that?
> Maybe the problem you're trying to solve is "I'm really
> bothered by the
> logcheck reports that show all those dictionary attacks." Since you
> say there's no chance of them getting in, maybe the right solution is
> to better configure logcheck's reporting, to reduce the meaningless
> information so you can concentrate on what's significant.
> This matter seems to come up frequently, by the way.
Some time ago I suggested having sshd listen to a different port than 22. I was criticized that this was just a workaround and
didn't really fix the problem at a deeper level, but it worked for me. It's been over a year now and I can not remember having had
one hit since. Before I changed the port I had tens of thousands of hits every single day...
More information about the svlug