Quote:
Originally Posted by unSpawn
I think it would be easier to point the OP to using fail2ban or equivalent as you wouldn't have to think twice about what to block and what not?

That's valid as well.
Fail2ban is great for many services, and denyhosts is great for SSH. But those are for dynamic attacks... attacks from many endpoints in many countries that aren't able to be 'grouped' together easily.
China, on the other hand, is easy to group together (IP-wise) and statically block at the router level if you have no reason to accept Chinese traffic (example: you run a muffin store in Ohio).
I think it's better to stop malicious traffic at the edge, IF you can, than allow it into the network.
A mixture of both processes would be best... if you are going to expose SSH to the world. Get rid of traffic at the router that you know 100% you don't need, and use fail2ban or denyhosts to further secure your world-facing services.