Home page logo
/

basics logo Security Basics mailing list archives

Re: SSH server under attack...
From: Josh Chaney <draino () gmail com>
Date: Tue, 24 Jan 2006 16:17:03 -0700

Lots of things you can do to prevent it from locking out accounts, but
there's no real way to stop him from eating your bandwidth. Do the
real users who SSH into this machine need access from outside of your
local network? If they don't, just use iptables to block or drop any
packets to that port from the outside. I believe the SSH configuration
should allow you to do this as well. If they do, then you might want
to look into using something like Snort to automate the blocking of IP
addresses that are doing something they shouldn't be.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]