Jeff Coppock wrote:
>> From: martin f krafft
>>
>> but somehow am not comfortable to just do it, which is why I am
>> asking for opinions, advice, and feedback from you guys. Would you
>> be able to think of reasons why I would *not* want to do that?
>
> I came up against the same issue some time ago and decided to move my sshd to
> a non-standard port. This dramatically reduced the number of log entries,
> and I see hardly any login attempts logged. I also updated my snort rules
> with the new port. This works for me. I'm also considering setting up a
> specific iptables rule to log the ssh hits separately, but there aren't
> enough to bother with that so far.
>
> I figure this setup eliminates the automated ssh exploits, which is the bulk
> of it. This won't keep some enterprising cracker from scanning for the
> actual port and then attempting exploits, but this should leave more evidence
> to the effect.

I disabled the ping service. Since most automated exploits check if the IP is up-and-running by pinging it, this eliminates a lot of stress - and it is not unusual in that all normal applications will run smoothly, default settings (i.e. port, etc) will work.

my 2 cents :)

Máté Soós
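The remark in the quoted reply that a scan for the moved sshd port leaves more evidence can be checked against firewall logs. The following is an added example, not part of the original thread: it assumes an iptables LOG rule for new inbound TCP connections with the hypothetical prefix `NEW-TCP: `, a constructed sshd port of 2222, and constructed, abbreviated log lines.

```python
import re
from collections import defaultdict

SSHD_PORT = 2222     # assumed non-standard sshd port (constructed value)
SCAN_THRESHOLD = 3   # other ports probed before reaching sshd that count as a scan

# Constructed, abbreviated lines in the iptables LOG target's format, assuming
# a rule that logs new inbound TCP SYNs with the prefix "NEW-TCP: ".
SAMPLE_LOG = """\
May  8 10:31:01 gw kernel: NEW-TCP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40110 DPT=22 SYN
May  8 10:31:04 gw kernel: NEW-TCP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40111 DPT=22 SYN
May  8 11:02:10 gw kernel: NEW-TCP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=21 SYN
May  8 11:02:10 gw kernel: NEW-TCP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=23 SYN
May  8 11:02:11 gw kernel: NEW-TCP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=80 SYN
May  8 11:02:11 gw kernel: NEW-TCP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51003 DPT=443 SYN
May  8 11:02:12 gw kernel: NEW-TCP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51004 DPT=2222 SYN
May  8 12:15:42 gw kernel: NEW-TCP: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=33900 DPT=2222 SYN
"""

LINE_RE = re.compile(r"NEW-TCP: .*\bSRC=(\S+) .*\bPROTO=TCP .*\bDPT=(\d+)")

def classify_sources(log_text, sshd_port=SSHD_PORT, threshold=SCAN_THRESHOLD):
    """Map each source IP to how it reached (or missed) the sshd port."""
    seen = defaultdict(list)                  # source IP -> ports in log order
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m.group(1)].append(int(m.group(2)))
    verdicts = {}
    for src, ports in seen.items():
        if sshd_port in ports:
            # Distinct ports this source tried before its first hit on sshd.
            probed_first = set(ports[:ports.index(sshd_port)])
            verdicts[src] = ("scanned-then-ssh" if len(probed_first) >= threshold
                             else "direct-ssh")
        elif set(ports) == {22}:
            verdicts[src] = "default-port-only"   # bot that never found sshd
        else:
            verdicts[src] = "other"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{src:15} {verdict}")
```

Sources marked `default-port-only` are the automated noise the port move removes from the sshd log; `scanned-then-ssh` is the case where the scan itself is the extra evidence.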

