On 11/16/2012 10:07 AM, Noah Mehl wrote: > Todd, > > The private subnet is: 172.16.0.0 - 172.31.255.255. That IP is a public IP > address, which is part of AOL in Nevada I think. I actually have over 80 > different public IP address entries in my log using that user to SSH to my > SipXecs box. > > I understand that it's a phone system and not a firewall. However it's a > linux server, and IPtables is the best firewall in world, IMHO. I did have > SSH access open to the world, that was my choice. I have never been bitten > by this before. Either way, you should not be able to execute anything by > SSH'ing with the PlcmSpIp user, whether it's a public IP or not. > > I would recommend all your ssh servers have sshd_config with at least: AllowUsers user1name,user2name PermitRootLogin no
I am also a big fan of fail2ban -- Regards -------------------------------------- Gerald Drouillard Technology Architect Drouillard & Associates, Inc. http://www.Drouillard.biz _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
