break-in attempts on my server

Rich Braun richb at pioneer.ci.net
Sun Nov 20 23:26:06 EST 2005


Bob George <mailings02 at ttlexceeded.com> wrote:
> Keep in mind there have been exploits against ssh before. You
> might move it to a non-default, higher port just to avoid being
> trivial to discover, in addition to all the other measures.

That's what I do, at the firewall (individual systems run internally at port
22; the home firewall, which is a DI604, remaps the port to something else).
After I started doing that a year or so ago, attempts against sshd went down
to none.  The typical cracker script apparently doesn't bother looking for
sshd on high-numbered ports.

If you only have one or two systems and no designated firewall then you can
just run sshd on different port numbers.

This is *strongly* recommended for the reason cited by Bob:  sshd is a big
complicated program with root permissions, and crackers are constantly looking
for security holes.  I have found that no matter how much I try, I can't/don't
want to bother keeping my system software updated as often as the root
exploits are discovered.

Backups.  Make sure you do automated backups.  (Emphasis on automated.)  The
only cost-effective tool I have found that actually accomplishes full
automation is Amanda, and the only cheap hardware that I've found that
produces sufficient copies is an AIT2 tape changer.  Everything else either
has a big dollar cost attached, or isn't sufficiently automatic.  (I'm open to
challenges: has anyone else found a no-/low-cost method of periodically
producing full backups without having to press a button or type a command?)

-rich



