Re: [Catalyst] [OT] sshd (was Re: Encrypt /Decrypt URI)

2007-05-19 Thread Daniel Hulme
On Sat, May 19, 2007 at 09:11:27AM -0500, Dave Rolsky wrote:
> On Sat, 19 May 2007, Daniel Hulme wrote:
> >Not really. I run sshd on my home box on a non-default port

> Check out fail2ban. It can be configured to block an IP with firewall 
> rules after it fails to login via SSH a few times. I've installed it on my 
> systems and it reports banning various IPs semi-frequently, which makes me 
> happy since in the past they would've been trying their entire dictionary.

Thanks for all the suggestions, everyone, but seriously, there's no
need. I've had exactly no dictionary attacks against my sshd since I
started running it on a non-default port. I assume they mostly or all
come from old ssh worms trying IP addresses at random.

Yes, it's easy enough to find services running on non-default ports, but
worms don't bother to do so, probably because there are more than enough
easy targets out there.

Sorry to hijack the thread, people.

-- 
You could say the same about birds. What are birds?  We just don't know.
   -- 'Look Around You'
http://surreal.istic.org/  Calm down, it's only ones and zeroes.


___
List: Catalyst@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/


[Catalyst] [OT] sshd (was Re: Encrypt /Decrypt URI)

2007-05-19 Thread Dave Rolsky

On Sat, 19 May 2007, Daniel Hulme wrote:

> On Sat, May 19, 2007 at 12:24:07PM +0200, A. Pagaltzis wrote:
>
> > all you need. F.ex., it would be dumb to run sshd on a port other
> > than 22, hoping that no one finds it. But if you keep track of
>
> Not really. I run sshd on my home box on a non-default port, because I
> was fed up with worms running their dictionaries of uname/password combos
> against it, eating my bandwidth and driving my loadavg up the wall. I
> keep the box up to date, and my password is non-trivial, so it's not my
> only defence, but it makes life easier for me.


Check out fail2ban. It can be configured to block an IP with firewall 
rules after it fails to login via SSH a few times. I've installed it on my 
systems and it reports banning various IPs semi-frequently, which makes me 
happy since in the past they would've been trying their entire dictionary.



-dave

/*===
VegGuide.Org                    www.BookIRead.com
Your guide to all that's veg.   My book blog
===*/
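As an added example (not code from this thread or from fail2ban itself), here is the detection logic Dave describes, reduced to its essentials: count failed sshd logins per source IP inside a time window and emit a firewall rule once the count reaches a threshold. The log lines are constructed for the example; the window (600 s) and threshold (5 attempts) are assumptions mirroring typical fail2ban sshd defaults, and the iptables command is only rendered as a string, never executed. The port in the rendered rule is a parameter, so the same logic serves an sshd moved off port 22 as Daniel describes.

```python
"""Minimal fail2ban-style analysis of sshd authentication log lines.

Added example, not the thread's or fail2ban's own code. Thresholds and the
sample log are assumptions constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Syslog-style sshd lines (constructed sample). Classic syslog timestamps
# carry no year, so a year is supplied when parsing.
SAMPLE_LOG = """\
May 19 09:01:02 home sshd[4120]: Failed password for invalid user admin from 203.0.113.7 port 52213 ssh2
May 19 09:01:05 home sshd[4122]: Failed password for invalid user admin from 203.0.113.7 port 52214 ssh2
May 19 09:01:09 home sshd[4124]: Failed password for root from 203.0.113.7 port 52215 ssh2
May 19 09:01:14 home sshd[4126]: Failed password for invalid user test from 203.0.113.7 port 52216 ssh2
May 19 09:01:20 home sshd[4128]: Failed password for invalid user oracle from 203.0.113.7 port 52217 ssh2
May 19 09:02:00 home sshd[4130]: Accepted publickey for daniel from 198.51.100.20 port 40122 ssh2
May 19 09:05:00 home sshd[4140]: Failed password for daniel from 198.51.100.20 port 40130 ssh2
May 19 09:30:00 home sshd[4150]: Failed password for daniel from 198.51.100.20 port 40131 ssh2
May 19 09:40:00 home sshd[4160]: Failed password for invalid user guest from 192.0.2.9 port 33001 ssh2
May 19 09:40:01 home sshd[4162]: Failed password for invalid user guest from 192.0.2.9 port 33002 ssh2
May 19 09:40:02 home sshd[4164]: Failed password for invalid user guest from 192.0.2.9 port 33003 ssh2
May 19 09:40:03 home sshd[4166]: Failed password for invalid user guest from 192.0.2.9 port 33004 ssh2
May 19 09:40:04 home sshd[4168]: Failed password for invalid user guest from 192.0.2.9 port 33005 ssh2
May 19 09:40:05 home sshd[4170]: Failed password for invalid user guest from 192.0.2.9 port 33006 ssh2
"""

# Matches OpenSSH's "Failed password" line, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2007):
    """Yield (timestamp, source_ip) for each failed-password line, in file order."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, m.group("ip")


def find_bans(log_text, findtime=600, maxretry=5):
    """Return {ip: time_of_ban} for IPs with >= maxretry failures within findtime seconds.

    A sliding window per IP drops attempts older than findtime, so two
    failures half an hour apart (a real user mistyping) never add up to a ban.
    """
    windows = defaultdict(deque)
    banned = {}
    for ts, ip in parse_failures(log_text):
        if ip in banned:
            continue  # already banned; further attempts need no action
        q = windows[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


def ban_rules(banned, chain="INPUT", port=22):
    """Render one iptables DROP rule per banned IP (strings only; nothing is executed)."""
    return [
        f"iptables -I {chain} -s {ip} -p tcp --dport {port} -j DROP"
        for ip in sorted(banned)
    ]


if __name__ == "__main__":
    bans = find_bans(SAMPLE_LOG)
    for ip, when in sorted(bans.items()):
        print(f"ban {ip} at {when}")
    for rule in ban_rules(bans, port=2222):
        print(rule)
```

On the sample, the two dictionary-style bursts (203.0.113.7 and 192.0.2.9) are banned on their fifth attempt, while 198.51.100.20, whose two failures are 25 minutes apart, is not. Real fail2ban additionally unbans after a bantime and reads the log incrementally; both are omitted here to keep the windowing logic visible.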
