Szemir,

The best way to block SSH scans is to change the port SSH is running on. That should take care of 95% of the script kiddies/worms out there. Also, if you DROP pings on your firewall/machine, that will also kill many of the automated scan tools. Make sure your SSH and FTP versions do not reply with any version information (used by some worms and automated tools). Never allow root to SSH in and, as you mentioned, if possible lock down the IP addresses allowed to connect. Run your SSH and FTP chroot jailed (vsftp does this very easily).
Hope that helps.

Later,
Dany Allard

bogi wrote:

>ssh scan countermeasures
>
>Hi All.
>I am interested in compiling a list/set of effective measures to take against
>the all too familiar ssh scan / ssh probes going on. I would also like to
>expand the subject to ftp scans / ftp probes ...
>I will have my 2 cents cad later. I would like to see some good ideas ...
>Cheers
>Szemir
>
>
>## Add the line AllowUsers [EMAIL PROTECTED]
>to /etc/ssh/sshd_config. This would only allow logins to happen from one
>host. Naturally you may add multiple lines to enable all your users to login
>from their designated hosts. Any logins from other places will fail even if
>the provided password was correct :-)
>
>_______________________________________________
>clug-talk mailing list
>[email protected]
>http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>**Please remove these lines when replying
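
Added example, not part of either post: a small auditor that checks an `sshd_config` for three of the measures discussed in this thread (non-default port, no root login, `AllowUsers` entries tied to a host). The function names `parse_sshd_config` and `audit` are hypothetical, and the sample configuration is constructed for illustration.

```python
import re

# Constructed sample config for illustration (not taken from the thread).
SAMPLE = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
AllowUsers alice@192.0.2.10
allowusers bob
"""

def parse_sshd_config(text):
    """Return {keyword: [values]} for the global section (before any Match)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()  # sshd keywords are case-insensitive
        if key == "match":
            break  # conditional overrides are out of scope for this check
        opts.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return opts

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    opts = parse_sshd_config(text)
    findings = []
    # Port may be given several times; sshd listens on every listed port.
    if "22" in opts.get("port", ["22"]):
        findings.append("port: sshd listens on the default port 22")
    # For single-valued keywords sshd uses the first value it reads.
    root = opts.get("permitrootlogin", ["<unset>"])[0].lower()
    if root != "no":
        findings.append(f"root: PermitRootLogin is {root}, not 'no'")
    # AllowUsers lines accumulate; each pattern is USER or USER@HOST.
    patterns = [p for v in opts.get("allowusers", []) for p in v.split()]
    if not patterns:
        findings.append("allowusers: no AllowUsers restriction configured")
    for p in patterns:
        if "@" not in p:
            findings.append(f"allowusers: '{p}' is not restricted to a host")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run `sshd -t` after editing the real file so a syntax error does not lock you out on the next restart.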

