Dealing with unwelcome visitors
Kenneth E. Lussier
klussier at sentito.com
Mon Aug 16 11:34:00 EDT 2004
On Mon, 2004-08-16 at 10:44, Ted Roche wrote:
> Anyone have a suggestion re:
>
> 1) are these appropriate actions to take?
They are appropriate actions, but the tedious nature of manually adding
the offending IP addresses seems too much. Check out PortSentry. It will
automatically block people trying to connect to closed ports (see next
comment).
> 2) is there any easier way to do it?
Change the port that SSH runs on. This small layer of obscurity will
eliminate about 90% of script kiddies, since most of the scripts run off
of a basic services type file. This will also cause anyone hitting port
22 to trip portsentry and they will be dropped. Another nice feature is
that if they run a port scan against you, they will get dropped before
they find the port that ssh is running on.
Just my $0.02,
Kenny
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20040816/f001551d/attachment.bin
More information about the gnhlug-discuss
mailing list