[HECnet] Telnet/SSH attacks
Sampsa Laine
sampsa at mac.com
Tue Nov 26 14:48:48 PST 2013
On 26 Nov 2013, at 22:45, Mark Benson <md.benson at gmail.com> wrote:
We get them by the shedload on our work hosting server. We run CPHulk on there to keep them out. I'd suggest implementing some kind of 'block IP for 24 hrs after x failed logins' scheme if you can. That usually forces them to move on.
Nah, they make good target practice and a real data source for my SIEM :)
More information about the Hecnet-list
mailing list