> Thats kinda true, I've changed the port for my ssh and the problem with > scans/attacks was reduced to a minimum.
You simply reduce the background chatter. Yes, you keep out some stupid scripts. But can you feel safe? No, not at all. Keep your services safe. For ssh that means: - if you can, control access to the service by source IP - maybe use just 2 or 3 gateway hosts you can ssh into from everywhere, and connect to the other servers from there - block the root user (and any other service-account) - use some of the scripts posted here to block access after a few failed login attempts - dont use password authentication, use keys with a good passphrase - if you need to use passwords, consider tokens. Danny _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
