On 12/04/2019 15:47, Mike Bird wrote:
> On Fri April 12 2019 03:44:55 Michael Howard via trinity-users wrote:
>> On 12/04/2019 09:03, deloptes wrote:
>>> If you are target or not - you do not know. I see in the last couple of
>>> months constant brute force attacks on my ssh server
>> and upgrading will stop that? No. A bit of� filtering of known spam IPs
>> would help much more.
> Attackers mount attacks from the new systems they pwn - possibly
> including yours.
>
> It is not feasible to block millions of infected IP addresses with
> thousands more infected and disinfected every day.
>
>
Of course it's possible to block millions, if you have their IPs. It 
wouldn't be efficient but then 'millions' are not brute force attacking 
my, or your, or deloptes system at any one time. If they were, it would 
be pointless anyway. The point is, if you have a regularly updated list 
of known spam IPs, which we do, and you use a decent firewall, which I 
do, you can prevent a huge amount of brute force attacks by just 
dropping the connection.

The reason why my system _isn't_ infected is because I do just that. I 
don't rely completely on debian devs to right their own wrongs, nor 
should I.

-- 
Mike Howard