Attacks on ssh port
Frankye - ML
listsucker at ipv5.net
Sat Sep 18 09:38:40 PDT 2004
On Sun, 19 Sep 2004 00:29:55 +1000 (EST)
Chris Ryan <chrisryanemail at yahoo.com.au> wrote:
| >
| > I've just moved the public port of the sshd on
| > another port, quite lame
| > but at least I'm not bothered by worms :)
|
|
| i believe this has to be one of the simplest ways of
| stopping incoming ssh attacks.
Of course, this is just to stop mindless (and quite lame in this case)
worms to fill my logs. It's almost-nonexistent impact on the complexity of
the system, and almost all the scans (by worms or people with a
portscanner) directed to ssh I've ever received are directed to 22 only.
This, btw, seems to be the case with all the people I've speaked with on
the subject, so I guess it's a good addition to the usual precautions
(disallow certain users, do not use passwords and so on, guess everyone
has a favorite receipt :)
Frankye
--
Frankye Fattarelli |U| |P| |S|F|
frankye.DIESPAMMERSDIE at ipv5.net |R| |S| |Y|I|
this email is RFC 3514 compliant |G| |H| |N|N|
More information about the freebsd-security
mailing list