> -----Original Message----- > From: D. Hugh Redelmeier [mailto:[EMAIL PROTECTED] > Sent: Monday, March 05, 2007 1:26 PM > To: [email protected] > Subject: [on-asterisk] hacked [EMAIL PROTECTED] > > I regularly get attacks against my sshd.
You could also filter who is/isn't allowed to connect to the SSH service (or others daemons) by configuring 'hosts.allow' and 'hosts.deny' files inside your /etc/ folder. It's old technology, but it works. If you know you're only ever going to be maintaining the box from work or through certain ISPs, you can block a significant amount of your attacks this way. See 'man hosts.allow' for more information, but assuming you only want SSH access into your box from some local ISPs (to be able to get in from home), your internal network, and your own domain, something like this is effective.. /etc/hosts.deny --------------- sshd: ALL EXCEPT 192.168., .yourdomain.com, .cogeco.ca, .rogers.com, .sympatico.ca Make sure you have local access to the box before attempting any of this. You may need to walk over to the server to login and temporarily fix your hosts.deny if you mess up. :) -Marc
