12 Apr
2019
12 Apr
'19
3:41 p.m.
On 12/04/2019 15:47, Mike Bird wrote:
On Fri April 12 2019 03:44:55 Michael Howard via
trinity-users wrote:
Of course it's possible to block millions, if you have their IPs. It
wouldn't be efficient but then 'millions' are not brute force attacking
my, or your, or deloptes system at any one time. If they were, it would
be pointless anyway. The point is, if you have a regularly updated list
of known spam IPs, which we do, and you use a decent firewall, which I
do, you can prevent a huge amount of brute force attacks by just
dropping the connection.
The reason why my system _isn't_ infected is because I do just that. I
don't rely completely on debian devs to right their own wrongs, nor
should I.
--
Mike Howard
On 12/04/2019 09:03, deloptes wrote:
Attackers mount attacks from the new systems they pwn -
possibly
including yours.
It is not feasible to block millions of infected IP addresses with
thousands more infected and disinfected every day.
If you are target or not - you do not know. I see
in the last couple of
months constant brute force attacks on my ssh server
and upgrading will stop that?
No. A bit of filtering of known spam IPs
would help much more.