[SlugLUG] War Stories

squid squid at csumb.edu
Mon Jun 12 07:36:09 PDT 2006


>So, I had a -lot- of fun earlier today reading through my logfiles. It turns
>out yesterday I was the subject of a massive brute-force attempt to break in
>to my system. I took some appropriate steps and confirmed that the machines
>that were doing the probing were part of a zombie-net.

As the others said, denying root logins via sshd.conf is the easiest way. If it's a possibility, you can also use iptables to filter 22/tcp (ssh) to only the hosts that need to log in to your system. Take a look at logwatch; you can configure it to email you about everything going on with your box. It's pretty nifty.

-paul
paul at csumb.edu
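
The kind of per-source summary a log reporting tool gives for the brute-force attempts discussed in this thread, as an added example that is not part of the original message and is not logwatch's own code. The log lines are constructed samples in OpenSSH's syslog format, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the syslog format written by OpenSSH's sshd.
SAMPLE_LOG = """\
Jun 11 03:14:01 box sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 11 03:14:03 box sshd[4103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jun 11 03:14:05 box sshd[4105]: Failed password for invalid user admin from 203.0.113.7 port 40131 ssh2
Jun 11 03:14:08 box sshd[4108]: Failed password for invalid user test from 203.0.113.7 port 40140 ssh2
Jun 11 03:15:30 box sshd[4120]: Failed password for root from 198.51.100.23 port 51800 ssh2
Jun 11 09:02:11 box sshd[4400]: Failed password for paul from 192.0.2.15 port 33210 ssh2
Jun 11 09:02:19 box sshd[4400]: Accepted password for paul from 192.0.2.15 port 33210 ssh2
"""

# Older sshd releases log "illegal user", newer ones "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (per-source stats, sorted sources with >= threshold failures)."""
    stats = defaultdict(lambda: {"failures": 0, "root": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are skipped
        entry = stats[m.group("ip")]
        entry["failures"] += 1
        entry["users"].add(m.group("user"))
        # Attempts against the real root account are the ones that
        # denying root logins in the sshd configuration shuts off.
        if m.group("user") == "root" and not m.group("invalid"):
            entry["root"] += 1
    suspects = sorted(ip for ip, e in stats.items() if e["failures"] >= threshold)
    return dict(stats), suspects

def report(log_text, threshold=3):
    """Format the summary, busiest source first."""
    stats, suspects = summarize(log_text, threshold)
    rows = []
    for ip in sorted(stats, key=lambda i: -stats[i]["failures"]):
        e = stats[ip]
        flag = "  <-- brute-force pattern" if ip in suspects else ""
        rows.append(f"{ip:15} failures={e['failures']} root={e['root']} "
                    f"users={len(e['users'])}{flag}")
    return "\n".join(rows)

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```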


