15 Nov
2014
15 Nov
'14
5:05 p.m.
On November 15, 2014 1:53:50 PM eric gisse jowr.pi@gmail.com wrote:
Hi,
Sebastian, how do you distinguish between the usual low level noise of ssh brute force bots out there from more invasive attacks?
There is a bunch of other software (ids etc.) for that.
Because this list is most likely just a bunch of internet background noise.
It is, thats why i wrote "usual suspects" ;-)
Honestly, the safest thing to do is to NOT USE PASSWORD BASED LOGINS. But what would be even better is to firewall ssh out so you can't get in except from specific ips and/or through say port knocking.
Im aware of that but the sad truth is that i have to make some compromises even if i really don't like them :-(
But that is a whole other story, i'm afraid.
Sebastian