Home page logo
/

basics logo Security Basics mailing list archives

Re: SSH server under attack...
From: Dave <dlaud.flux () gmail com>
Date: Tue, 24 Jan 2006 18:02:45 -0500

Bryan S. Sampsel wrote:

Set up portsentry on your box and configure it to drop packets from anyone
port-scanning your box.
This sounds like a good idea. But I cant install portsentry on the router...which still can be scanned to find it's *open* ports. I think we are going to set up linux box as firewall using iptables and install portsentry etc...Off hand do you know if portsentry (or any other application that) will notify you in real time of any attempted intrusion via email?

Right there keeps him from finding what you changed the port to.

Then, change the port to some other number and restart both portsentry and
sshd.

I'd recommend a FreeBSD or Linux firewall in front of you that you can do
this config with as your first line defense.

Port Sentry is no longer maintained at its old home, but you can do a web
search and find its new home easily enough.

Good luck.

Sincerely,

Bryan S. Sampsel
LibertyActivist.org


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]