Re: [swinog] are you also seeing more ssh attacks ?

2018-07-04 Thread Stanislav Sinyagin
another way of protection is throttling down TCP SYN attempt rate per IP address. At least it will save you some CPU, as the SSH daemon won't have to process every request:
https://txlab.wordpress.com/2013/06/29/protecting-a-vpbx-from-dos-attacks/

On Mon, Jul 2, 2018 at 11:25 AM, Tobias

Re: [swinog] are you also seeing more ssh attacks ?

2018-07-02 Thread Gert Doering
Hi,

On Mon, Jul 02, 2018 at 12:25:13PM +0200, Manuel Schweizer wrote:
> Not seeing what you are seeing, but I can really recommend Fail2Ban if you
> are not using it already.

Seconded. Even if we do not allow "plain password" authentication on the Jumphost (it's using PIN + LinOTP tokens), if

Re: [swinog] are you also seeing more ssh attacks ?

2018-07-02 Thread Nico Schottelius
Good morning,

Manuel Schweizer writes:
> Hey Tobi
>
> Not seeing what you are seeing, but I can really recommend Fail2Ban if
> you are not using it already.

while the idea of fail2ban is good, I would actually recommend sshguard instead of fail2ban. If you are not using a recent version of

Re: [swinog] are you also seeing more ssh attacks ?

2018-07-02 Thread Marek Isalski
> On 2 Jul 2018, at 11:42, Jeroen Massar wrote:
> If you have to run a jumpbox style host: For SSH, it is also heavily
> suggested to disable any form of password-auth, that way, only public
> key authentication is accepted and guess what the scanner scripts do not
> support as they do not have a

Re: [swinog] are you also seeing more ssh attacks ?

2018-07-02 Thread Manuel Schweizer
Hey Jeroen

> A single IP will only hit you a few times... typically below the
> threshold of standard fail2ban or other alarm bells.
> The distributed scanner will keep on trying by using another IP from
> their vast botnet...

Well, from experience I cannot confirm that at all. Apparently, there

Re: [swinog] are you also seeing more ssh attacks ?

2018-07-02 Thread Jeroen Massar
On 2018-07-02 12:25, Manuel Schweizer wrote:
> Hey Tobi
>
> Not seeing what you are seeing, but I can really recommend Fail2Ban if you
> are not using it already.
[..]
> Failed attempts will now be logged and source IPs will be banned after
> several failed attempts.

Which is quite useless

Re: [swinog] are you also seeing more ssh attacks ?

2018-07-02 Thread Manuel Schweizer
Hey Tobi

Not seeing what you are seeing, but I can really recommend Fail2Ban if you are not using it already. It's as simple as:

*** snip 8< ***
# Install fail2ban
apt install fail2ban
# Set log level to VERBOSE in sshd daemon to catch failed logins for existing accounts as well
cat >>

Re: [swinog] are you also seeing more ssh attacks ?

2018-07-02 Thread Jeroen Massar
On 2018-07-02 11:25, Tobias Oetiker wrote:
> Good Morning
>
> are you running an ssh daemon on non standard ports to avoid some of the
> drive-by-scanning ? we have been doing that for quite some time now with
> great reduction of scanning noise ...

I suggest running SSH always behind white-list

[swinog] are you also seeing more ssh attacks ?

2018-07-02 Thread Tobias Oetiker
Good Morning

are you running an ssh daemon on non standard ports to avoid some of the drive-by-scanning ? we have been doing that for quite some time now with great reduction of scanning noise ... since yesterday this has changed ... we are getting a lot of connection attempts ... are you