The simplest way to give some form of security is by port obfuscation (i.e. using a different, non-standard port number) and translate it on either your ADSL router or by running SSH on a different port, e.g. make port 54202 the port you SSH in on from the outside world and map it to port 22 internally.

I noticed hacking attempts to my box a few months back but since moving to a non-standard port I have seen nothing (apart from the rare port scan).

Some will say this is not a valid form of security but it is certainly better than nothing.

Another option is to only allow certain IP addresses to connect but that can get a bit messy.

Phill Coxon wrote:
I just jumped into the command line and noticed kernel messages for
failed ssh2 login attempts for bogus users.
Checking my logs it turns out that someone has been trying to hack into
my ADSL connected computer since the 9th with a brute force script
trying different usernames and passwords. I've blocked ssh access for the moment.

Questions:
(1) Is there some desktop monitoring utility that will immediately
notify me of suspicious behaviour?  I'm rather disturbed that it's taken
me 4 days to notice this.
(2) Recommendations for log parsing software that monitors suspicious
logs?

(3) Recommended strategies for dealing with break in attempts like this?
Ban the IPs for a while?

Thanks!
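
Relating to questions (2) and (3) in the message above, an added example that is not part of either message in this thread: a small log check that counts failed SSH password attempts per source address, with the usernames tried and the first and last time seen. The log lines are constructed samples in the usual OpenSSH syslog format, and the `summarize` function and its `threshold` parameter are hypothetical names chosen for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Jun  9 02:11:01 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jun  9 02:11:04 box sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
Jun  9 02:11:07 box sshd[2105]: Failed password for root from 203.0.113.5 port 40131 ssh2
Jun 10 08:30:12 box sshd[2340]: Failed password for alice from 192.0.2.44 port 51000 ssh2
Jun 10 08:30:20 box sshd[2340]: Accepted password for alice from 192.0.2.44 port 51000 ssh2
Jun 12 23:59:40 box sshd[2901]: Failed password for invalid user guest from 203.0.113.5 port 41877 ssh2
"""

# The username is chosen by the remote side, so match it greedily and take the
# address from the end of the line, where sshd itself writes it.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$"
)

def summarize(log_text, threshold=3):
    """Return {ip: summary} for sources with at least `threshold` failed logins."""
    seen = defaultdict(lambda: {"failures": 0, "users": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated messages are ignored
        stamp, user, ip = m.groups()
        entry = seen[ip]
        entry["failures"] += 1
        entry["users"].add(user)
        entry["first"] = entry["first"] or stamp
        entry["last"] = stamp
    return {
        ip: {**e, "users": sorted(e["users"])}
        for ip, e in seen.items()
        if e["failures"] >= threshold
    }

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {e['failures']} failures, {e['first']} to {e['last']}, "
              f"users tried: {', '.join(e['users'])}")
```

Run on a schedule against the real auth log, the output gives a short list of addresses to consider for a temporary ban, and the single mistyped password from 192.0.2.44 stays below the threshold.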






