> -----Original Message-----
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Gregg C Levine
> Sent: Tuesday, April 12, 2005 4:04 PM
> To: [email protected]
> Subject: SSH based attacks
>
> Hello from Gregg C Levine
>
> Of the systems that run Linux, how many of you have them directly
> accessible to the Internet?
>
> As all of you know, I run Slackware Linux here, for Intel, practically
> every day the system is on, I see people attempting to access the
> system via SSH from unknown, to it, IP addresses.
>
> Are any of you seeing these happen? And what are you doing to prevent
> such access?

Hum, if SSH is restricted to specific hosts, I'd just use "iptables" to "drop the packets on the ground" from any other IP addresses. That's what I do at home. Also, I don't respond to "pings" from outside.

Another thing to consider is to set up a single system which allows SSH from outside. All the others "stand mute". If somebody needs to ssh to a different server, they ssh to the internet SSH server, then ssh from there to the actual server they need.

And never let root ssh in. If somebody needs root (why?), then ssh to a normal user and "su" (or sudo) to do root work. I'll bet you already do that. I just thought I'd say it "just in case".

--
John McKown
Senior Systems Programmer
UICI Insurance Center
Information Technology
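
The iptables approach described in the reply above, as an added example that is not part of the original message: a shell function that builds an `iptables-restore` ruleset admitting SSH only from listed sources and dropping inbound pings. The function names and the addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for an SSH allowlist.
# Function names and sample addresses are constructed for illustration.

# is_ipv4_cidr ADDR -> 0 if ADDR is a dotted-quad IPv4 address, optional /0-32
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ] || return 1
    # Reject anything but digits and single dots before splitting on "."
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_ssh_rules ADDR... -> prints the ruleset; returns 1 and prints no rules
# if the list is empty or any entry is malformed.
gen_ssh_rules() {
    [ $# -ge 1 ] || { echo "empty allowlist would lock out SSH" >&2; return 1; }
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT'
    for src in "$@"; do
        # Allowed sources must come before the catch-all DROP for port 22
        printf '%s\n' "-A INPUT -p tcp -s $src --dport 22 -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -p tcp --dport 22 -j DROP' \
                  '-A INPUT -p icmp --icmp-type echo-request -j DROP' \
                  'COMMIT'
}

# Constructed allowlist: one admin host and one office network.
gen_ssh_rules 192.0.2.10 198.51.100.0/24
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it, which is worth doing before loading rules on a host you only reach over SSH.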
