break-in attempts on my server
Rich Braun
richb at pioneer.ci.net
Sun Nov 20 23:26:06 EST 2005
Bob George <mailings02 at ttlexceeded.com> wrote:
> Keep in mind there have been exploits against ssh before. You
> might move it to a non-default, higher port just to avoid being
> trivial to discover, in addition to all the other measures.

That's what I do, at the firewall (individual systems run internally at port
22, the home firewall which is a DI604 remaps the port to something else).
After I started doing that a year or so ago, attempts against sshd went down
to none. The typical cracker script apparently doesn't bother looking for
sshd on high-numbered ports.

If you only have one or two systems and no designated firewall then you can
just run sshd on different port numbers.

This is *strongly* recommended for the reason cited by Bob: sshd is a big
complicated program with root permissions, and crackers are constantly looking
for security holes. I have found that no matter how much I try, I can't/don't
want to bother keeping my system software updated as often as the root
exploits are discovered.

Backups. Make sure you do automated backups. (Emphasis on automated.) The
only cost-effective tool I have found that actually accomplishes full
automation is Amanda, and the only cheap hardware that I've found that
produces sufficient copies is an AIT2 tape changer. Everything else either
has a big dollar cost attached, or isn't sufficiently automatic. (I'm open to
challenges, anyone else found a no-/low-cost method of periodically producing
full backups without having to press a button or type a command?)

-rich
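
One way to check the effect described in the message above (failed sshd logins before and after remapping the port) is to count failed password attempts per day and per source address in the system log. This is an added example, not part of the original post; the log lines are constructed samples in the usual OpenSSH syslog format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not real data).
SAMPLE_LOG = """\
Nov 19 03:12:45 gw sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Nov 19 03:12:47 gw sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
Nov 19 03:12:50 gw sshd[1240]: Failed password for invalid user test from 198.51.100.7 port 40211 ssh2
Nov 19 09:30:02 gw sshd[1301]: Accepted publickey for rich from 192.0.2.10 port 40000 ssh2
Nov 20 04:01:10 gw sshd[1410]: Failed password for root from 203.0.113.5 port 51300 ssh2
Nov 20 04:01:11 gw CRON[1411]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches only sshd "Failed password" lines; other daemons and successful
# logins are ignored.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def failed_logins(log_text):
    """Return one (day, user, source address) tuple per failed password attempt."""
    hits = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog pads single-digit days ("Nov  5"); normalise the spacing.
            day = " ".join(m.group("day").split())
            hits.append((day, m.group("user"), m.group("src")))
    return hits


def summarize(log_text):
    """Count failed attempts per day and per source address."""
    hits = failed_logins(log_text)
    per_day = Counter(day for day, _, _ in hits)
    per_src = Counter(src for _, _, src in hits)
    return per_day, per_src


if __name__ == "__main__":
    per_day, per_src = summarize(SAMPLE_LOG)
    for day, n in per_day.items():
        print(f"{day}: {n} failed password attempts")
    for src, n in per_src.most_common():
        print(f"{src}: {n} failed password attempts")
```

Running the same count over logs from before and after the port change shows whether the scripted attempts actually stopped.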