Definitely keep root login turned off.
You can also do rate limiting in iptables. This assumes you have other rules in place to allow established and related connections and that the chain defaults to drop or reject:
Code:
ip6tables -I INPUT -p TCP --dport 22 -m state --state NEW -m limit --limit 4/minute --limit-burst 5 -j ACCEPT
iptables -I INPUT -p TCP --dport 22 -m state --state NEW -m limit --limit 4/minute --limit-burst 5 -j ACCEPT
UFW/GUFW should be able to do it too.
Others will also point to fail2ban.
You might report the attacker to the ISP where it launched from.
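What `--limit 4/minute --limit-burst 5` admits in practice, as an added example that is not part of the original post: a small shell model of the `limit` match's token bucket, run over constructed arrival times. The function names, the `flood`/`admin` labels and the timings are assumptions made for illustration; the model reflects that the `limit` match keeps one bucket per rule, shared by all source addresses.

```shell
#!/bin/sh
# Added example (not from the post): integer token-bucket model of
#   -m limit --limit 4/minute --limit-burst 5
# The rule owns ONE bucket shared by every source address.

# limit_sim LIMIT_PER_MIN BURST T:SRC [T:SRC ...]
#   T   = arrival time of a NEW connection, whole seconds, ascending
#   SRC = free-form label for who sent it (constructed sample data)
# Prints "T SRC ACCEPT" when the rule matches, "T SRC DROP" when the
# packet falls through to the chain's drop/reject default.
limit_sim() (
    limit=$1 burst=$2
    shift 2
    cost=60                    # credit units spent per match
    cap=$((burst * cost))      # --limit-burst: the bucket starts full
    credit=$cap
    last=''
    for ev in "$@"; do
        t=${ev%%:*} src=${ev#*:}
        if [ -n "$last" ]; then
            # refill LIMIT units per elapsed second, never above the cap
            credit=$((credit + (t - last) * limit))
            if [ "$credit" -gt "$cap" ]; then credit=$cap; fi
        fi
        last=$t
        if [ "$credit" -ge "$cost" ]; then
            credit=$((credit - cost))
            echo "$t $src ACCEPT"
        else
            echo "$t $src DROP"   # a non-matching packet spends no credit
        fi
    done
)

# Constructed scenario: one flooding source opens a NEW connection every
# second for a minute; an admin tries once at t=50.
flood_minute() {
    for t in $(seq 0 59); do
        echo "$t:flood"
        if [ "$t" -eq 50 ]; then echo "50:admin"; fi
    done
}

# Word splitting of the event list is intended here.
limit_sim 4 5 $(flood_minute)
```

In the output, eight attempts are accepted in the minute (the burst of five, then one every 15 seconds), and the single `admin` attempt at t=50 is dropped because the flood has emptied the shared bucket. The `hashlimit` match keeps a bucket per source address instead.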