On 18 Sep 2005 13:40:04 +0000, Oleg Goldshmidt <[EMAIL PROTECTED]> wrote: > I see a lot of those in the log of my home machine. Basically, I have > ssh open and I connect to the machine myself when I am at work, > travelling, etc. I am typing this mail while connected via ssh.
I used to see tons of such attempts on my home machine too (I used to have ssh and http services for private proposes) until I just moved to services to some random non-standard ports. I still treated them cautiously (no obvious passwords, no unprotected web applications etc) but at least my logs stopped blowing up so fast every day, and I could check them much more easely. Port-Knocking always sounds like an attractive idea but I was worried from getting stuck somewere where I couldn't run a client, and just changing the port of the service was much easier and achieved similar results. One idea I never get around to implement is to fetch the public geoip database and build a firewall rule which will ban most of the countries of the world (e.g. I don't expect to login from Vietnam or provide family photos to Tibet in the near future). And BTW - the fail2ban that Baruch mentioned is the debian package I was reffering to. Cheers, --Amos ================================================================To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
