From: Phill Edwards [[email protected]] Sent: Tuesday, 10 November 2009 12:24 PM To: Shorewall Users Subject: Re: [Shorewall-users] counter SSH brute force attacks
> On my web server, i setup a password protected php page that I can > browse to from anywhere and > it will save my IP to a file. In the backend I have a script running > every minute looking for that > file, if it's found the IP is read into the shorewall params file and > then shorewall is restarted and > I have ssh access. I don't use it often, but it's there in case. > Mostly if my home IP changes and I > need access. I do something similar. I have a specially worded email that will get picked up by procmail which then executes a script to open up access to whatever IP I specified in the email. Another specially worded email closes the access down again. Works really well. This too has its issues, SMTP is not secure be design. I have SSH on a non standard port, IPTables is configured to DROP any connections to that port, I have a port-knock'ing daemon setup listening on several other totally unrelated ports on both TCP and UDP, and when the correct sequence of knocks is heard, IPTables will open access to the SSH litening port for 15 seconds. Other than this I have made significant changes to the servers with modifying TTL reply data, Service Banners for HTTP, POP3, and SMTP so the servers are consistently detected incorrectly by "nmap -O", and many other small tips and tricks. Some of which may involve a dummy listener on NFS, or port 139, depending what I wanted to masq. as. Still, with all that, security by obscurity, isnt security at all, but it can be a small part of increasing the work-factor, and this may be just enough to convince the would be cracker to try some other server instead. Regards, T ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with NOTE: URL removed for security purposes - contact [email protected] for support. _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
