Brute Force Attacks

[Wanch]

I see in my logwatch that there are about 1,000 attempts a day to brute force into my server. Is there anything I can do to stop this?

I also notice that the attempts are on weird ports like 2232 but are SSH brute force attempts. I thought that SSH was on port 22?

About all you can do is ban their IP address from your server. I'm not sure about the ports, that is kind of weird.

Is that port currently in use? IVS video default, that is I think. If the port isn't in use, could you also block that as well as doing an IP block?

mabye that port # might of been the source port and not the destination, if you changed to using server keys instead of passwords you could pretty much disable password auth on the server =)

I've never been able to get SSH keys to work per user, only with root. How is it done with a single user?

personaly, i'm not sure - i haven't used keys myself, my workmate has set them all up, i usally just lock down ssh to ip address ranges that i know i will be accessing from, and just just a DROP rule for the rest of the incoming traffic (i also have shell access on a few severs, so i cam relay in if needed as well). i think that is the most secure way of doing it, only allowing traffic from trusted sources and droping the rest.


to each their own !