
chrysrobyn

macrumors member
Original poster
My Mac has always had the SSHD port forwarded from the firewall so I could log in from work (to grab music or check on things with VNC, etc.). Sometimes the CPU got pegged at 100% because of attacks against SSHD. Of course, there are typical admin tips for this behavior in /etc/sshd_config including disallowing root with PermitRootLogin, and whitelisting only you in AllowUsers. Personally I prefer to disallow PasswordAuthentication and stick with key exchange only. While I felt my system was secure, the attacks continued and took away from the usability of the machine.

I recently found sshdfilter ( http://projects.seas.columbia.edu/sshdfilter/ ), and wanted to share it with the MacRumors community. If a red flag is thrown on the SSHD authentication, the offending system can get firewalled out. Connections that don't even make it to the SSHD daemon don't eat up nearly as many CPU cycles. The number of attacks in /var/log/secure.log has been slashed and I never find the CPU taxed from attacks. I'm not certain it's perfect in what trips it, but I'm impressed, and the MacOSX maintainer is responsive.
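The log-driven blocking idea described in the post above, sketched as an added example that is not part of the original post and is not sshdfilter's own code or rules. The function names, the threshold of 3, the allow list and the log lines are all assumptions constructed for illustration; the part worth noting is that the user name in an sshd log line is supplied by the remote side, so the parser takes only the address at the end of the line.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog style (not from a real host).
SAMPLE_LOG = """\
Mar  3 02:11:01 mac sshd[411]: Invalid user admin from 203.0.113.7
Mar  3 02:11:03 mac sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4021 ssh2
Mar  3 02:11:05 mac sshd[415]: Failed password for root from 203.0.113.7 port 4022 ssh2
Mar  3 02:12:40 mac sshd[420]: Accepted publickey for chrys from 198.51.100.20 port 5100 ssh2
Mar  3 02:13:10 mac sshd[431]: Failed password for chrys from 198.51.100.20 port 5101 ssh2
Mar  3 02:14:00 mac sshd[440]: Invalid user test from 192.0.2.55
Mar  3 02:14:02 mac sshd[441]: Invalid user a from 198.51.100.20 from 192.0.2.55
Mar  3 02:14:04 mac sshd[442]: Invalid user b from 198.51.100.20 from 192.0.2.55
Mar  3 02:14:06 mac sshd[443]: Invalid user c from 198.51.100.20 from 192.0.2.55
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# The user name is text chosen by the remote side and may itself contain
# " from <address>", so the greedy ".*" plus the "$" anchor make sure only the
# address sshd appended at the end of the line is captured.
FAILURE = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed password for) .* from "
    + IP + r"(?: port \d+)?(?: ssh2)?$"
)

def failures_by_source(log_text):
    """Count failed-authentication lines per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILURE.search(line.rstrip())
        if m:
            counts[m.group(1)] += 1
    return counts

def addresses_to_block(log_text, threshold=3, allow=()):
    """Addresses at or over the threshold, minus any you must never lock out."""
    allowed = set(allow)
    counts = failures_by_source(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allowed)

if __name__ == "__main__":
    print(addresses_to_block(SAMPLE_LOG, allow=("198.51.100.20",)))
```

The last three sample lines carry a user name that embeds a second address; a parser that stopped at the first " from " would count them against 198.51.100.20, the address that logged in successfully, and firewall out the legitimate user.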
 
You could also use logmein.com or gotomypc.com. The former offers a free version for home use. The latter is paid. I use gotomypc to access my Mac and it works great and appears not to have the security issues you're dealing with.
 
I've often wondered how secure logmein really is. All of our keystrokes and such are traveling through their servers - right, so who is to say that they are not collecting passwords that could let them take over all of our computers at some time?
 