[cumbria_lug] Preventing SSH attacks
Schwuk
schwuk at schwuk.com
Sun Jan 23 23:52:54 GMT 2005
Ian Linwood wrote:
> I thought it would be nice to watch port 22 auth failure logs
> happening - means you've got it right. It's the ones that say
> Authentication successful for IP_NEVERHEARDOF that would give me the
> willies.
True, but what about an overflow attack? I've noticed my ssh daemon dead
once or twice, and wondered if it had been caused by an attack.
> Just a wee thought - what happens if you get scanned whilst you are
> engaged in an ssh session - surely the scan will close your port 22.
Depends on your config - if your firewall is set up to accept established
ssh connections regardless, and the port knocking only opens ssh up for
new sessions, then a mid-session port scan will have no effect on you.
Cheers,
--
Schwuk
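
Added example, not part of the original post: a small Python model of a first-match packet filter, run once with an "accept established connections" rule ahead of the knock rules and once without it, to show what a mid-session port scan does in each case. The knock ports 7000/7001, the single global open/closed knock state, and the addresses are assumptions made for illustration.

```python
# Toy first-match packet filter (illustrative model, not a real firewall API).
OPEN_KNOCK, CLOSE_KNOCK, SSH = 7000, 7001, 22  # knock ports are constructed values

class Firewall:
    def __init__(self, accept_established):
        self.accept_established = accept_established
        self.ssh_open = False    # assumed: one global knock state for port 22
        self.conntrack = set()   # (src, sport, dport) flows that were accepted

    def packet(self, src, sport, dport, syn=False):
        """Return 'ACCEPT' or 'DROP' for one inbound TCP packet."""
        flow = (src, sport, dport)
        # Rule 1 (stateful config only): packets of an established flow are
        # accepted before any knock-dependent rule is consulted.
        if self.accept_established and not syn and flow in self.conntrack:
            return "ACCEPT"
        # Rules 2 and 3: knock ports flip the state and are never answered.
        if dport == OPEN_KNOCK:
            self.ssh_open = True
            return "DROP"
        if dport == CLOSE_KNOCK:
            self.ssh_open = False
            return "DROP"
        # Rule 4: port 22 is reachable only while the knock state is open.
        if dport == SSH and self.ssh_open:
            if syn:
                self.conntrack.add(flow)
            return "ACCEPT"
        return "DROP"

def session_during_scan(accept_established):
    """Knock, log in, get port-scanned, then try old and new sessions."""
    fw = Firewall(accept_established)
    admin, scanner = "192.0.2.10", "198.51.100.7"  # constructed addresses
    fw.packet(admin, 40000, OPEN_KNOCK, syn=True)
    result = {"connect": fw.packet(admin, 40001, SSH, syn=True)}
    for port in range(1, 8000):  # sweep that also hits the close knock
        fw.packet(scanner, 50000, port, syn=True)
    result["mid_session"] = fw.packet(admin, 40001, SSH)
    result["new_session"] = fw.packet(admin, 40002, SSH, syn=True)
    return result

if __name__ == "__main__":
    print("stateful :", session_during_scan(True))
    print("stateless:", session_during_scan(False))
```

With the established rule in place the existing session keeps working and only a new connection needs a fresh knock; without it the same scan cuts the session off.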