Brute-Force SSH Server Attacks Surge -- InformationWeek
Drew Van Zandt
drew.vanzandt at gmail.com
Thu May 15 10:10:40 EDT 2008
I used to get a few thousand attempts every day on port 22. Restricting by
IP is a *good* thing.
Suggestion: Restrict SSH access to certain IPs. Write a PHP or Python web
app that can add an IP to that list (and also conveniently tells you what
your IP is.) The app should do this:
1) Text message your cell phone when an IP is added.
2) 3 minutes (or 5, or whatever) later, actually add the IP.
Since adding IPs is rare, the delay isn't ordinarily an issue, nor is the
text message.
I'm assuming the web app would have at least some sort of trivial
authentication/password as well, even just .htaccess. Since it alerts you
when used, it doesn't need to be draconian.
Of course, I'd rather you all stayed on port 22 with no access
restrictions. I don't have to outrun the bear, I only need to outrun you.
;-)
--DTVZ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20080515/3c4ecc50/attachment-0001.html
More information about the gnhlug-discuss
mailing list