ssh brute force attacks 3204

Michael Heiming

Pretty dumb script that blocks its own internal ip.. though in my case, internal IP's are already blocked outside of office hours.

OK, but again: I don't agree that doing this "introduces DOS". If someone really wants to DOS me, they are going to do it. Automatically blocking ip's might give them yet another way to do it, but it in no way invites that. And as I have said, I'd have to be pretty dumb to let such a script block an internal ip. And both my router and my iptables certainly know that an internal ip shouldn't be arriving on an external interface, so that's just silly anyway. That packet is going to be blocked regardless.

sits and necessarily hand to though

It is absolutely critical to my livelihood, yes. Or at at least a good 30% of my income, maybe more. So its security is perhaps a little bit more important to me than you might otherwise think. Yes, it is backed up, several different ways, with multiple incrementals, etc. But if it were out of service, I lose money immediately. Not a tremendous amount for a day or two of outage, but then there is my time to put things right again, and that costs something, even if it's only pyschological. So while I'm not going to spend tens of thousands of dollars to protect it, I am willing to spend more than I do now.

I suspect that part of my disquiet is just the not knowing the what and how of the security Interland surrounds me with. For all I know, it could be ten times better than anything I could do myself. But I don't KNOW, do I? So I worry..

-- Tony Lawrence