Gerard Beekmans wrote:
Hey guys,
Just wondering who else has been getting these. I have a /24 IP space
that seems to be targeted lately for sshd bruce force attacks. I can't
seem to keep up with firewalling the bad guys out. Luckily there's no
such thing as weak passwords on the servers I have access to, so all
should be well. For now anyway. It's just annoying.
Yeah I could block all access to port 22 and only allow a select few
IP addresses access but this makes things cumbersome when I try to
login to my machine when I'm out of town.
The only maybe way around this is create a web app where I can input
IP addresses that can SSH and some cronjob to check for changes and
update the firewall accordingly.
Does anybody have other ideas? I'd like to keep ssh open for
convenience reasons. It'd really suck if I block the world, am out of
town, get an emergency call for work, and "oops I can't login until
I'm home again which will be in a few days. Sorry boss, you'll just
have to live with the downed service until then." That's not going to
go over very well.
These type of attacks are on the rise and both my machine and works
servers are targeted every day. If you have strong passwords then there
is not too much to worry about. There are several blockers out on the
net that are quite good. If you search for them on google you will get
several straight off. I dont have the names in my head atm, sorry.
Another thing you can do is go over your sshd_config file with a fine
toothed comb and disable root login, allow only you as a user (assuming
that just you will be logging in) and set your MaxStartups to 3/75/10
HTH
--
Shane Shields
Registered LFS Compiler: 7582
To drink the WINE of success you must first seek the sayings of source
Anyone sending unwanted advertising e-mail to this address will be charged $25
for network traffic and computing time. By extracting my address from this
message or its header, you agree to these terms.
--
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page
