[cumbria_lug] Preventing SSH attacks

Ian Linwood ian_linwood_clug at dinwoodie.freeuk.com
Sat Jan 22 09:06:31 GMT 2005


Hello Schwuk,

Thursday, January 20, 2005, 2:49:41 PM, you wrote:

S> http://www.soloport.com/iptables.html

Yuk.

Ok, saves messing up your pretty logs. But isn't that why they are
there? This does not prevent someone from scripting the attack, to
activate/deactivate the port. How are you protected once you activate
the port? What's the f=@king point!!

Why not change the port that SSH uses. OK, use 22 on internal
network, but have a separate instance on a higher, less obvious port.
Oh, and use a version of SSH that has privilege separation.

At the end of the day would it be nice to know if you are under
attack? Just because the monkey cannot see the bus hurtling down the
road, doesn't mean it won't turn him into road pizza!

-- 
Best regards,
 Ian




More information about the Cumbria mailing list