Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Jan 2010 08:21:24 +0100
From:      Erik Norgaard <>
To:        David Southwell <>
Subject:   Re: /etc/hosts.deniedssh
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
David Southwell wrote:
> Examples from hosts.deniedssh
> I seem to be on the receiving end of a concerted series of unsuccessful break 
> in attacks on one of our systems. One small part of the attack has  resulted 
> in over 2000 entries in our hosts.deniedssh file in less than 1 hour. 
> I would be interested in any comments on the small example shown below and any 
> advice.

1. see thread from last week "denying spam hosts ssh access"
2. don't resolve ips
3. do a sort, you'll see that many come from the same network, possibly 
the same node with a new IP, block entire ranges, blocking individual 
ip's is futile.
4. consider blocking in your firewall
5. don't worry, unsuccesfull attacks are - well, unsuccesfull

BR, Erik

Erik Nørgaard
Ph: +34.666334818/+34.915211157        

Want to link to this message? Use this URL: <>