moin moin, http://news.zdnet.co.uk/security/0,1000000189,39653852,00.htm So, there's a chance that an attacker can see 4 bytes of text from an SSH session. We already talked about this or something like it recently. The article notes that the problem can be avoided by "using AES in counter mode (CTR) to encrypt, instead of cipher-block chaining mode (CBC)." Something else we can do is work to prevent brute-force attacks and replay attacks. It looks like this handles single IP brute force attackѕ. That's good, but doesn't help with distributed attacks. shguard - protects from brute force attacks against ssh Looks like this is about the same, but handles lots of other services as well. fail2ban - bans IPs that cause multiple authentication errors Is there a tool that looks for and blocks distributed attacks, but auto-whitelists IPs that actually authed correctly? Anything for blocking replay attacks? Remember to disable remote connection for root. ciao, der.hans -- # http://www.LuftHans.com/ http://www.LuftHans.com/Classes/ # "The purpose of IT is to seamlessly and transparently provide the other # 9/10's of the iceberg for people who need to work with chunks # of floating ice." -- Strata Rose Chalup