Re: What's the strategy for bad guys guessing a few ssh passwords?

2017-06-12 Thread Greg Rundlett (freephile)
On Mon, Jun 12, 2017 at 4:00 PM, Ted Roche wrote: > On Mon, Jun 12, 2017 at 1:15 PM, Tom Buskey wrote: > > As Ted said in the 2nd sentence, it's running on a non-standard port. > Yes, > > it helps lot to reduce garbage in the logs. > > > > Maybe it's not

Re: What's the strategy for bad guys guessing a few ssh passwords?

2017-06-12 Thread Ted Roche
On Mon, Jun 12, 2017 at 1:15 PM, Tom Buskey wrote: > As Ted said in the 2nd sentence, it's running on a non-standard port. Yes, > it helps lot to reduce garbage in the logs. > > Maybe it's not non-standard enough? > Whadyamean? I'm using the same non-standard port everyone

Re: What's the strategy for bad guys guessing a few ssh passwords?

2017-06-12 Thread Dan Coutu
Insisting on the use of an ssh key instead of login credentials also helps a lot. Dan > On Jun 12, 2017, at 13:15, Tom Buskey wrote: > > As Ted said in the 2nd sentence, it's running on a non-standard port. Yes, > it helps lot to reduce garbage in the logs. > > Maybe it's

Fwd: What's the strategy for bad guys guessing a few ssh passwords?

2017-06-12 Thread Ted Roche
Agreed. However, now that the kiddies have bot armies of millions of machines, they just scan all the ports. I've been running non-standard ports on most servers, and I am seeing similar traffic on many of the machines (with unrelated domains, IP ranges, geography, CIDRs and ISPs) makes me think

Re: What's the strategy for bad guys guessing a few ssh passwords?

2017-06-12 Thread Tom Buskey
As Ted said in the 2nd sentence, it's running on a non-standard port. Yes, it helps lot to reduce garbage in the logs. Maybe it's not non-standard enough? sshguard looks interesting. Thanks! On Mon, Jun 12, 2017 at 12:42 PM, Bruce Dawson wrote: > I have to second this

Re: What's the strategy for bad guys guessing a few ssh passwords?

2017-06-12 Thread Bruce Dawson
I have to second this suggestion - changing the port did wonders for our servers. Of course, as Dan says, it works for script kiddies, not so much against a determined attack on your server. --Bruce On 06/12/2017 09:59 AM, Dan Garthwaite wrote: If you can change the port number it does

Re: What's the strategy for bad guys guessing a few ssh passwords?

2017-06-12 Thread Tom Buskey
I always wonder what they're trying to get. https://krebsonsecurity.com has lots of info on why they do it, what they do with it and how they make $$. There's very few consequences to the attacker for "rattling the doorknob" compared to potential success. On Sun, Jun 11, 2017 at 1:53 PM, Ted

Re: What's the strategy for bad guys guessing a few ssh passwords?

2017-06-12 Thread Dan Garthwaite
If you can change the port number it does wonders against the script kiddies. Just remember to add the new port, restart sshd, then remove the old port. :) On Sun, Jun 11, 2017 at 1:53 PM, Ted Roche wrote: > Thanks, all for the recommendations. I hadn't seen sshguard