break-in attempts on my server
Charles C. Bennett, Jr.
ccb at acm.org
Mon Nov 21 09:50:54 EST 2005
On Sun, 2005-11-20 at 20:20 -0500, Bob George wrote:
> David Kramer wrote:
>
> > [...]Thanks all. I guess it's best to just ignore it, now that I
> > tightened up
> >
> >ssh a little and ensured nothing actually got through.
> >
> >
> Keep in mind there have been exploits against ssh before. You might move
> it to a non-default, higher port just to avoid being trivial to
> discover, in addition to all the other measures. At least that way, a
> full discovery port scan will take a lot longer to complete.
This actually works wonders. I too have gnarly passwords but
got sick of seeing half a dozen script kiddies fiddling around
on port 22 every day - IP addrs from everywhere on the planet.
I closed 22 at my firewall, opened a higher port, reconfigured
sshd and haven't heard a peep out of them ever since. Next time
I do I'll be switching to a 'knock and enter' scheme: ping this
port, ping that one and my ssh port magically appears on the third.
ccb
--
Charles C. Bennett, Jr. <ccb at acm.org>
More information about the Discuss
mailing list