[Cialug] denyhosts logging LOTS of attacks
Daniel A. Ramaley
daniel.ramaley at DRAKE.EDU
Tue May 13 13:38:48 CDT 2008
On Tuesday 13 May 2008 12:53, Josh More wrote:
> All you're doing is reducing traffic (not a
> bad thing, really) and reducing your log volume.
If you reduce your log volume it will make the more advanced and
worrisome attacks easier to spot since there will be less noise.
Personally, i run ssh on the standard port 22. But only because i'm too
lazy to redo my firewall configuration to let in something else. (I
don't like futzing with the firewall.) I do, however, have ssh locked
down in all the other ways, and i keep up with security updates to it.
I think it pretty unlikely i'll get cracked via ssh. But, if i ever get
around to it, i'll definitely change the port just so my logs aren't
filled up with all the noise from the dictionary attacks. Have those
*ever* worked? I've not personally encountered a system so insecure a
dictionary attack would work against it...
------------------------------------------------------------------------
Dan Ramaley Dial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540 Des Moines IA 50311 USA
More information about the Cialug
mailing list