Vamsee Kanakala <vkanak...@...> writes:
> Try it - run a fairly popular website, its own mail server and
> look at the logs - you'll be greeted with constant barrage of login
> attempts on common ports. Remapping ports is only the *first step* in
> securing a server. Unless you like keeping your mail/ssh daemons
> needlessly busy with bogus login attempts.
Moving the service to other non-standard ports amounts to security by
obscurity. There are several ways to limit those script attacks, more like
security by design. For example, one could do rate limiting of incoming
connections using iptables. To rate limit ssh connections to 3 per minute from
any single IP address, one would do something like
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent \
--update --seconds 60 --hitcount 2 -j DROP
To deal with more severe / persistent attacks, one can use a package like
fail2ban, which affords more flexibility.
sriram
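As an added illustration that is not part of the original post, here is a small Python model of what the two rules in the reply do to a sequence of new SSH connections. It assumes current xt_recent semantics, where the --update rule counts only previously recorded hits for the address within the window; the source addresses and timings are constructed.

```python
from collections import defaultdict

# Constructed model of the two iptables rules in the reply.  The '--set' rule
# records every NEW connection per source address.  The '--update --seconds S
# --hitcount H' rule, which sits first in the chain because it was inserted
# last with -I, drops a NEW connection whose source already has H or more
# recorded connections within the last S seconds.  This is a simplified model
# of xt_recent (assumption: hits are counted over previously recorded stamps
# only, not the current packet), not kernel code.

def simulate(attempts, seconds=60, hitcount=2):
    """attempts: list of (time_in_seconds, source_ip) in arrival order.
    Returns a list of (time, source_ip, verdict) with verdict ACCEPT or DROP."""
    stamps = defaultdict(list)          # per-address timestamps, like /proc/net/xt_recent
    verdicts = []
    for t, ip in attempts:
        hits = sum(1 for s in stamps[ip] if t - s <= seconds)
        if hits >= hitcount:
            verdict = "DROP"            # --update matched: entry refreshed, packet dropped
        else:
            verdict = "ACCEPT"          # fell through to the --set rule
        # Both branches record the packet: --update refreshes the entry on a
        # match and --set records it otherwise, so hammering keeps the window open.
        stamps[ip].append(t)
        verdicts.append((t, ip, verdict))
    return verdicts

def accepted_in_burst(n, seconds=60, hitcount=2):
    """How many of n back-to-back connections (1 s apart) from one address get through."""
    burst = [(i, "192.0.2.10") for i in range(n)]   # constructed source
    return sum(1 for _, _, v in simulate(burst, seconds, hitcount) if v == "ACCEPT")

if __name__ == "__main__":
    # Constructed sample: one noisy source and one quiet one
    sample = [(0, "198.51.100.7"), (5, "203.0.113.9"), (10, "198.51.100.7"),
              (20, "198.51.100.7"), (40, "198.51.100.7"), (130, "198.51.100.7")]
    for t, ip, v in simulate(sample):
        print(f"t={t:>3}s {ip:<14} {v}")
    print("accepted from a 10-attempt burst:", accepted_in_burst(10))
```

Under this model --hitcount H admits H new connections per window, and each dropped attempt refreshes the entry, so a source that keeps retrying stays blocked until it has been quiet for the full 60 seconds. Older ipt_recent versions counted the current packet as well, so check the chain with `iptables -L INPUT -v` and a few test connections before relying on the exact number.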
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc