So I wanted to take some work home... Mail proved flaky, spam filters, size limits, risk of finger trouble when entering address, black holes, cosmic rays, BOfH knows why.
So scp does well, let me set that up. Open up port 22 pinhole in the home router/firewall. Hmm. Wish I could open up something weird and non-standard, but the firewall on the other side only allows outgoing on 22.

But a static IP address costs $10 per month. BLOODY RIPOFF!!

A quick scriptie involving wget to pull the status page off the DSE router and ruby Net::FTP to push the encrypted result onto a webserver, and a matching one to pull it down and decrypt. So now I have a cronjob that fires once an hour, checks the IP address and, if it's changed, splats the IP address onto a webpage.

Note 1. The IP address changes surprisingly often! The telco is doing way more work than it needs to.

Note 2. Having kiddies in the house means some usernames have less good passwords. So I dug and dug through the config to explicitly only enable access to my own personal username.

Turns out that was a very very Good idea.

Last night my favourite debug tool triggers... Listen to your computer.... what noise is it making? My dual core's fan starts up if it's working hard. The disk drive makes small click click sounds.

The disk is going klickitchy klickitchy klickitchy... Working lightly. But working. Not the scratch-scratch-scratch of the midnight updatedb run. Just klickitchy-klitchitchy.

Hmm. Not me. Run top... sshd busy. Look in /var/log/auth.log. Lots of "Invalid username" messages.

Shut down sshd: /etc/init.d/sshd stop. The klickitchy sound stops dead.

Trawl logs.. lots and lots and lots and lots of "Invalid username" for every username you can imagine... staff, adm, admin, postgresql, jack, fred, tom, ....

Some swine is doing a brute force attack on my sshd.

Copy and paste the IP into Google, turns up the web page of someone that has written a perl script to scan his logs and block attackers. And as a side effect list the IP addresses he has blocked so far. Including my attacker.

Further digging around: it's a DHCP block on some American ISP. Possibly not even the real attacker, just a bot.
Currently I've blocked port 22 on the router again. Also switched off the router as this was chewing up my bandwidth. Grr.

Oh yes. Side Moral of story. "Broad Band == Brute Force Attacks"

You do use passphrases not passwords, don't you? ie. _Never_ use a password again. ie. _Never_ something like "ch3rry". Always, Always use a passphrase. An easy to remember phrase from which you take something like the first character of each word.

"I'm a lumber jack and I'm OK" == "IaljaI0K"

John Carter
Tait Electronics
PO Box 1645 Christchurch
New Zealand

Phone : (64)(3) 358 6639
Fax   : (64)(3) 359 4632
Email : [EMAIL PROTECTED]
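
The log trawl described in the message above, as an added example that is not part of the original post: a Ruby script that groups sshd's rejected-username lines by source address and reports which sources tried many different names. The sample log is constructed, and the code assumes OpenSSH's "Invalid user NAME from ADDR" wording as it appears in /var/log/auth.log.

```ruby
# Added example: flag sources probing many unknown usernames in sshd logs.
# SAMPLE_LOG is constructed; addresses come from documentation ranges.
SAMPLE_LOG = <<~LOG
  Mar  3 23:10:01 home sshd[4121]: Invalid user staff from 203.0.113.7
  Mar  3 23:10:03 home sshd[4123]: Invalid user adm from 203.0.113.7
  Mar  3 23:10:05 home sshd[4125]: Invalid user admin from 203.0.113.7 port 40122
  Mar  3 23:10:07 home sshd[4127]: Invalid user postgresql from 203.0.113.7
  Mar  3 23:10:09 home sshd[4129]: Failed password for invalid user jack from 203.0.113.7 port 40130 ssh2
  Mar  3 23:11:40 home sshd[4140]: Invalid user jhon from 198.51.100.20
  Mar  3 23:12:02 home sshd[4144]: Accepted publickey for john from 198.51.100.20 port 51514 ssh2
  Mar  3 23:12:30 home cron[4150]: (root) CMD (updatedb)
LOG

# Matches "Invalid user NAME from ADDR" and
# "Failed password for invalid user NAME from ADDR ..." (assumed OpenSSH wording).
# NAME may be empty, so it is captured with \S* rather than \S+.
INVALID_USER = /sshd\[\d+\]: (?:Failed password for )?[Ii]nvalid user (\S*) from (\S+)/

# Returns { addr => sorted list of distinct unknown usernames tried }.
def invalid_users_by_source(log_text)
  seen = Hash.new { |h, k| h[k] = [] }
  log_text.each_line do |line|
    m = INVALID_USER.match(line) or next
    user, addr = m[1], m[2]
    seen[addr] << user unless seen[addr].include?(user)
  end
  seen.transform_values(&:sort)
end

# Addresses that tried at least `threshold` distinct unknown usernames.
# A single mistyped login stays below the default threshold.
def guessing_sources(log_text, threshold: 3)
  invalid_users_by_source(log_text)
    .select { |_addr, users| users.size >= threshold }
    .keys.sort
end

if __FILE__ == $PROGRAM_NAME
  invalid_users_by_source(SAMPLE_LOG).each do |addr, users|
    puts "#{addr}: #{users.size} unknown usernames (#{users.join(', ')})"
  end
  puts "over threshold: #{guessing_sources(SAMPLE_LOG).join(', ')}"
end
```

Counting distinct usernames rather than raw lines is what separates a dictionary run like the one in the post from one person fat-fingering their own login.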
