Re: targetted SSH bruteforce attacks
From: "Mr. MailingLists" <mailinglists () soul-dev com>
Date: Thu, 17 Jun 2010 16:56:41 -0500

On 6/17/2010 6:48 AM, Gary Baribault wrote:
> I have a strange situation and would like information from the
> list members. I have three Linux boxes exposed to the Internet. Two of
> them are on cable modems, and both have two services that are publicly
> available. In both cases, I have SSH and named running and available
> to the public. Before you folks say it, yes I run SSH on TCP/22 and no
> I don't want to move it to another port, and no I don't want to
> restrict it to certain source IPs.

Since almost every angle of securing SSHD publicly has already been listed, I will not
delve into that, so take my advice with a grain of salt.
In my environment, in order to access any of what I call trusted resources (such as ssh) I
require myself to have VPN connectivity. This eliminates the need of having SSHD listen
publicly, and as expected, eliminated all unknown hosts accessing my box via SSHD. It also
made my auth log much shorter and manageable as well :), but it is also more boring.
I'm guessing this won't work for your situation (seeing that you don't want to change the
public port either).
Otherwise, as said before:
Changing the port will absolutely reduce the number of hits, and concurrent attack attempts.
Use of port-knocking techniques will also achieve the above, and the use of PKA will
almost (almost, nothing is certain, hehe Debian) eliminate the chance of the opposition
recreating your private key.