Responding to a Brute Force SSH Attack

Responding to a Brute Force SSH Attack
Jamie Riden

It was a bad start to a Monday morning: I arrived at work to find the intrusion detection system so bogged down in alerts that it was barely responsive.

Responding to a Brute Force SSH Attack 2009-01-27
Jansen Sena (jansen (at) jsena (dot) info [email concealed])

I used to run SSH daemon in an unsual port like showed in the article. Together with this configuration, I like to use fwknop to implement SPA (Single Packet Authorisation). In this case, the SSH daemon will be reachable just from the pre-authorised sources.

If SPA is useful to your reality, con...

[ more ]