Re: significant incoming SSH volume

[Brian Epstein <bepstein () IAS EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/16/2010 10:03 PM, Michael J. Wheeler wrote:
> On some of our linux servers, we're using an open-source piece of
> software (the name escapes me at the moment, I'm not the unix/linux guy)

We've had good luck with fail2ban (maybe that's what you are using?) for
these types of brute force attacks.  I'm still trying to get a usable
set of rules for our IPS to do this across the network.

Thanks,
ep

- -- 
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Network and Security Officer            Institute for Advanced Study
Key fingerprint = 128A 38F4 4CFA 5EDB 99CE  4734 6117 4C25 0371 C12A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvGIQIACgkQYRdMJQNxwSqh4ACgrQc4mw61Lz8cg2OykJghMfzm
+KoAoLU1yvMGhnJF9+Btgs3uPlSJ52o5
=0Q6Z
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature