Here is a good resource:
http://www.webhostgear.com/240.html

Try googling for ssh brute force prevention
http://www.google.ca/search?q=ssh%20brute%20force%20prevention

I am not a fan of blocking pings as any competent scanning engine will
not be affected.  It has cost me more in headaches than it has solved
(trying to track down networking issues can be a hassle without ICMP
echo requests).

SSH keys can also make this sort of attack meaningless, though they do
introduce their own security implications.

Dany Allard wrote:
> Szemir
> 
> The best way to block SSH scans is to change the port SSH is running on.
> That should take care of 95% of the script kiddies/worms out there.
> Also if you DROP pings on your firewall/machine that will also kill many 
> of the automated scan tools.
> Make sure your SSH and FTP versions do not reply with any version 
> information (used by some worms and automated tools).
> Never allow root to SSH in and as you mentioned, if possible lock down 
> the ip addresses allowed to connect.
> Run your SSH and FTP chroot jailed (vsftp does this very easily).
> 
> hope that helps
> 
>  Later
> 
>  Dany Allard
> 
> bogi wrote:
> 
> 
>>ssh scan countermeasures
>>
>>Hi All.
>>I am interested in compiling a list/ set of effective measures to take against 
>>the all too familiar ssh scan / ssh probes going on. I would also like to 
>>expand the subject to ftp scans / ftp probes ...
>>I will have my 2 cents cad later. I would like to see some good ideas ...
>>Cheers
>>Szemir
>>
>>
>>## Add the line  AllowUsers [EMAIL PROTECTED] 
>>to /etc/ssh/sshd_config . This would only allow logins to happen from one 
>>host. Naturally you may add multiple lines to enable all your users to login 
>>from their designated hosts. Any logins from other places will fail even if 
>>the provided password was correct :-)
>>
>>
>>
>>
>>_______________________________________________
>>clug-talk mailing list
>>[email protected]
>>http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>>Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>>**Please remove these lines when replying
>> 
>>
> 
> 
> 
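An added example, not part of any message in this thread: a small Python check of an sshd_config against the measures the posters name (no root login, AllowUsers entries with a host part, a non-default port). The password-authentication check is an assumption about how the SSH-key suggestion would be applied, and the sample config, user names and addresses are constructed.

```python
# Constructed sample config; user names, addresses and ports are made up.
SAMPLE = """\
Port 22
permitrootlogin yes
PasswordAuthentication yes
AllowUsers alice@192.0.2.10
AllowUsers bob
PermitRootLogin no
"""

def parse_global(text):
    """Parse the global section: first value per keyword, plus list keywords."""
    first, lists = {}, {"allowusers": [], "port": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.replace("=", " ", 1).split()
        if not words:
            continue
        key, args = words[0].lower(), words[1:]    # keywords are case-insensitive
        if key == "match":
            break           # assumption: Match blocks are not audited here
        if key in lists:
            lists[key].extend(args)                # these directives accumulate
        elif args:
            first.setdefault(key, args[0].lower()) # first obtained value wins
    return first, lists

def audit(text):
    """Return findings for the countermeasures discussed in the thread."""
    first, lists = parse_global(text)
    findings = []
    if first.get("permitrootlogin") != "no":
        findings.append("root-login: PermitRootLogin is not 'no'")
    if first.get("passwordauthentication") != "no":
        findings.append("passwords: password logins are not disabled")
    if not lists["port"] or "22" in lists["port"]:
        findings.append("port: sshd listens on the default port 22")
    if not lists["allowusers"]:
        findings.append("allowusers: no AllowUsers restriction")
    for pattern in lists["allowusers"]:
        if "@" not in pattern:
            findings.append(f"allowusers: '{pattern}' may log in from any host")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The later `PermitRootLogin no` in the sample does not take effect, because sshd uses the first value it obtains for that keyword.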
