> -----Original Message-----
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Grega Bremec
> Sent: Thursday, July 21, 2005 1:45 AM
> To: [email protected]
> Subject: Re: Security questions and scads of NOUSER based SSH attacks
>
> <snip>
>
> Apart from what everybody else suggested, that is, restricting logins to
> just a couple of authorized addresses via means of firewall rules,
> disabling tunneled cleartext password authentication and replacing it
> with challenge-response, OTP or kerberos-based authentication, there is
> an extremely simple trick that will allow you to go by completely
> unnoticed by those kinds of tools: change the port ssh is listening on.

One other possibility to changing the port upon which sshd listens is if you are using a firewall. Have _it_ redirect the port. E.g. have the firewall direct connection requests to, say, port 9827 to go to port 20 on the correct host behind the firewall.

> This way, you will have known someone attempting to connect on that
> port, using _proper_ ssh protocol, is either a user forgetting their
> password, or a real threat you should investigate further.
>
> <snip>
>
> Hope to have helped.
>
> Kind regards,
> - --
> Grega Bremec
> gregab at p0f dot net

--
John McKown
Senior Systems Programmer
UICI Insurance Center
Information Technology
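
Added example, not part of the original message: a small triage of sshd log lines that separates the two cases named in the quoted text (a user who forgot a password versus something to investigate) once ssh is only reachable on the non-default port. It assumes OpenSSH-style syslog lines; the sample lines, the function name triage and the max_failures threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog style (documentation IP ranges).
SAMPLE_LOG = """\
Jul 21 02:10:01 host sshd[4121]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Jul 21 02:10:19 host sshd[4121]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Jul 21 03:44:10 host sshd[4301]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jul 21 03:44:12 host sshd[4303]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Jul 21 03:44:15 host sshd[4305]: Failed password for root from 203.0.113.5 port 51251 ssh2
Jul 21 05:02:33 host sshd[4410]: Failed password for bob from 192.0.2.44 port 38811 ssh2
"""

# Older OpenSSH releases wrote "illegal user"; newer ones write "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<bad>(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")


def triage(log_text, max_failures=3):
    """Return {source_ip: verdict} for every source with a failed login."""
    stats = defaultdict(lambda: {"fails": 0, "users": set(), "unknown": False})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        s["fails"] += 1
        s["users"].add(m["user"])
        s["unknown"] |= m["bad"] is not None
    verdicts = {}
    for ip, s in stats.items():
        # One existing account and only a few misses fits a forgotten password.
        # Unknown accounts, several accounts, or many misses need a closer look.
        benign = (not s["unknown"] and len(s["users"]) == 1
                  and s["fails"] < max_failures)
        verdicts[ip] = "forgotten-password?" if benign else "investigate"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG).items():
        print(ip, verdict)
```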
