Brute-Force SSH Server Attacks Surge -- InformationWeek

kenta kenta at guster.net
Thu May 15 09:58:17 EDT 2008


I ended up with the following config...

Bind ssh to two ports: 22 and a non-standard port.

In my firewall rules I specifically allow certain IPs to connect to port
22. These include my internal network (192.168) and a handful of IPs from
other hosts that I interact with on a regular basis.

Anyone can ssh to the non-standard port, but from what I've seen the
attempts are few and far, far between since most people aren't looking for
it. I used to get a handful or a few hundred handfuls of ssh login
failures when I was on just 22, now I get pretty much none.

-Kenta

On 5/15/08, Bob King <bob.king.1138 at gmail.com> wrote:
>
> According to the Information Week article:
>
>
> http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=207603339
>
>
> One of the more interesting bits was that the attacks are shifting to a
> more distributed model to avoid detection by IDS/IPS systems, using botnets.
>
> Many distros come with ssh installed by default, and often with root access
> allowed by default. I always thought that disabling root access via ssh is a
> good idea, but reading this I would assume it would be a good idea to just
> deactivate password access via ssh altogether and limit access to systems
> with keys known to the host. Moving the sshd to a non-standard port would be
> another move, but would that stop more than the most basic tools?
>
> I would be interested in hearing recommendations from other folks on the
> list.
>
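
An added example, not part of either post: a small audit that checks a host against the setup discussed in this thread (port 22 limited to an allow-list, a second port open to everyone, root and password logins disabled). The sample settings and rules, port 2222 and the address 203.0.113.7 are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in `sshd -T` style; 2222 is a placeholder non-standard port.
SSHD_EFFECTIVE = """\
port 22
port 2222
permitrootlogin no
passwordauthentication yes
"""

# Constructed sample in iptables-save style; 203.0.113.7 (documentation range)
# stands in for one trusted remote host.
IPTABLES_RULES = """\
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
"""

def sshd_settings(text):
    """Map each keyword to the list of values given for it (port may repeat)."""
    settings = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            settings.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return settings

def open_sources(rules, port):
    """Networks that an ACCEPT rule lets reach a TCP port. Simplification:
    rule order, interfaces and multiport matches are not evaluated."""
    sources = []
    for rule in rules.splitlines():
        if "-j ACCEPT" in rule and re.search(rf"--dport {port}\b", rule):
            src = re.search(r"-s (\S+)", rule)
            sources.append(ipaddress.ip_network(src.group(1) if src else "0.0.0.0/0"))
    return sources

def audit(sshd_text, rules, restricted_port=22):
    """Return findings where the setup departs from the one in the thread."""
    cfg, findings = sshd_settings(sshd_text), []
    if cfg.get("permitrootlogin", [""])[0] != "no":
        findings.append("root login over ssh is not disabled")
    if cfg.get("passwordauthentication", [""])[0] != "no":
        findings.append("password authentication is not disabled")
    if any(n.prefixlen == 0 for n in open_sources(rules, restricted_port)):
        findings.append(f"port {restricted_port} is reachable from any address")
    return findings
```

On a real host the two inputs would come from `sshd -T` and `iptables-save`; with the constructed sample, `audit(SSHD_EFFECTIVE, IPTABLES_RULES)` reports only that password authentication is still enabled.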