Fwd: Brute-Force SSH Server Attacks Surge -- InformationWeek
Jerry Feldman
gaf at blu.org
Thu May 15 10:36:23 EDT 2008
On Thu, 15 May 2008 09:47:39 -0400
"Bob King" <bob.king.1138 at gmail.com> wrote:
> According to the Information Week article:
>
> http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=207603339
>
> One of the more interesting bits was that the attacks are shifting to a more
> distributed model to avoid detection by IDS/IPS systems, using botnets.
>
> Many distros come with ssh installed by default, and often with root access
> allowed by default. I always thought that disabling root access via ssh is a
> good idea, but reading this I would assume it would be a good idea to just
> deactivate password access via ssh all together and limit access to systems
> with keys known to the host. Moving the sshd to a non-standard port would be
> another move, but would that stop more than the most basic tools?
>
> I would be interested in hearing recommendations from other folks on the
> list.
In addition to the other replies to this, also restrict authentication
to public key.
--
--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20080515/51d57e99/attachment.bin
More information about the gnhlug-discuss
mailing list