Re: [swinog] are you also seeing more ssh attacks ?

On 2018-07-02 12:25, Manuel Schweizer wrote:

Hey Tobi

Not seeing what you are seeing, but I can really recommend Fail2Ban if you are not using it already.

[..]

Failed attempts will now be logged and source IPs will be banned after several failed attempts.

Which is quite useless with the distributed scanners that exist have existed for the last few years.

A single IP will only hit you a few times... typically below the threshold of standard fail2ban or other alarm bells. The distributed scanner will keep on trying by using another IP from their vast botnet...

The big question: Why is that SSH port open to the world ? :)

Greets, Jeroen