> Andrew Errington wrote:
>
> >I'm expecting the answer no.

<snip>

> I'd agree with you really. Until you start hosting other services on
> your servers, there's not too much of a need.

Hmm. That's what I thought.

> I would just check and see what ports are open - run an nmap of your
> server from horse or something - and take any appropriate action. My
> router has a 'default destination' option, which I don't use! Mind you,
> you could have some fun with it.

Yes, I've used nmap inside and outside my network to verify what I thought
I'd done.

> For you, the only real use of a firewall would be to log and stand back
> in amazement at the number of attempts made on your address!

I get that in auth.log:

Apr 21 13:17:46 virgo sshd[11537]: Connection from 213.202.216.87 port 45651
Apr 21 13:17:46 virgo sshd[11537]: Enabling compatibility mode for protocol 2.0
Apr 21 13:17:48 virgo sshd[11539]: Connection from 213.202.216.87 port 45991
Apr 21 13:17:49 virgo sshd[11539]: Enabling compatibility mode for protocol 2.0
Apr 21 13:17:51 virgo sshd[11541]: Connection from 213.202.216.87 port 46207
Apr 21 13:17:52 virgo sshd[11541]: Enabling compatibility mode for protocol 2.0
Apr 21 13:17:54 virgo sshd[11543]: Connection from 213.202.216.87 port 46545
Apr 21 13:17:54 virgo sshd[11543]: Enabling compatibility mode for protocol 2.0
Apr 21 13:17:57 virgo sshd[11545]: Connection from 213.202.216.87 port 46777

213.202.216.87 is in Germany. I have no idea who it is, and it's probably a
zombie anyway. I get attempts at logging in as root, news, mail, uucp and so
on from all over the world (but mostly China, Korea, India and Romania).

I think of sshd as my front door, with a very narrow bridge leading to it
(i.e. it's the only way in), and attempts like this as knocking on the door.
I just hope that no-one can jimmy the lock (or rather, I have taken what
steps I can to ensure no-one can do that).

Andy
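
Added example (not part of the original post): a short Python sketch that flags a source address producing a burst of sshd "Connection from" entries like the ones quoted above. The function name find_bursts, the threshold and window values, and the year (syslog timestamps carry none) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Log lines copied from the post above.
SAMPLE = """\
Apr 21 13:17:46 virgo sshd[11537]: Connection from 213.202.216.87 port 45651
Apr 21 13:17:46 virgo sshd[11537]: Enabling compatibility mode for protocol 2.0
Apr 21 13:17:48 virgo sshd[11539]: Connection from 213.202.216.87 port 45991
Apr 21 13:17:49 virgo sshd[11539]: Enabling compatibility mode for protocol 2.0
Apr 21 13:17:51 virgo sshd[11541]: Connection from 213.202.216.87 port 46207
Apr 21 13:17:52 virgo sshd[11541]: Enabling compatibility mode for protocol 2.0
Apr 21 13:17:54 virgo sshd[11543]: Connection from 213.202.216.87 port 46545
Apr 21 13:17:54 virgo sshd[11543]: Enabling compatibility mode for protocol 2.0
Apr 21 13:17:57 virgo sshd[11545]: Connection from 213.202.216.87 port 46777
"""

# Only the "Connection from" entries count; other sshd lines are skipped.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Connection from (?P<ip>\S+) port \d+")

def find_bursts(text, threshold=5, window_s=30, year=2000):
    """Return {ip: peak connections seen inside one sliding window}
    for every source that reaches `threshold` within `window_s` seconds.
    `year` is an assumption: classic syslog timestamps omit it, so a log
    that spans New Year needs to be split before being passed in."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop entries older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

if __name__ == "__main__":
    for ip, count in find_bursts(SAMPLE).items():
        print(f"{ip}: {count} connections within 30s")
```
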
