My passwords are good :)

I have been using IPTables to stop unwanted entry by tying some services to my home office IP only and that stopped brute force on the attempted ports dead. Since I am the only user on the box and don't have hosting customers I can do things like that :)

I know about Leifs cool reject rules and the last time I tried to implement them I was on a Virtuozzo VPS running CentOS 4.6 and the needed kernel module could not be added to allow me to run those rules in the VE space.

I am now on an OpenVZ VE running CentOS 5.1 and will try them again as I would rather use that method to stop entry so I don't have to worry about being able to access if I am at a different location.

have you heard of the super computer NASA has?
According to an article this baby can crack passwords in a few seconds while the strongest home PC would take more than 100 years.

I'm just saying..no one is safe if the FBI gets their hands on that toy, haha ;)

If the US government is after you, you're already in serious trouble.

According to an article this baby can crack passwords in a few seconds while the strongest home PC would take more than 100 years.

They'd have to have access to your shadow file to be able to attack any faster than us mere mortals. They still have the limits imposed by the network and the services that they are using as an attack vector. e.g. they can only send so many requests to ssh before they run out of bandwidth into your server or the ssh daemon can't keep up any more.

The government (NSA, not NASA, by the way!) certainly have serious tools for invading your privacy, but they aren't usually who we all have to worry about. Most of our security foes are merely looking for more servers to use for sending spam...and they aren't all that smart, generally. They mostly use off-the-shelf tools, and just look for the low-hanging fruit (Windows boxes, mostly).

I would like to point out DenyHosts -- http://denyhosts.sourceforge.net/

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).

If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

DenyHosts attempts to address the above... and more.