Full Disclosure mailing list archives
Re: targetted SSH bruteforce attacks
From: "Mr. MailingLists" <mailinglists () soul-dev com>
Date: Thu, 17 Jun 2010 16:56:41 -0500
Hello Gary/List! On 6/17/2010 6:48 AM, Gary Baribault wrote:
Hello list, I have a strange situation and would like information from the list members. I have three Linux boxes exposed to the Internet. Two of them are on cable modems, and both have two services that are publicly available. In both cases, I have SSH and named running and available to the public. Before you folks say it, yes I run SSH on TCP/22 and no I don't want to move it to another port, and no I don't want to restrict it to certain source IPs.
Since almost every angle of securing SSHD publicly have already been listed I will not delve into that, so take my advice with a grain of salt. In my environment, in order to access any of what I call trusted resources (such as ssh) I require myself to have VPN connectivity. This eliminates the need of having SSHD listen publicly, and as expected, eliminated all unknown hosts accessing my box via SSHD. It also made my auth log much shorter and manageable as well :), but it is also more boring. I'm guessing this wont work for your situation (seeing that you don't want to change the public port either). Otherwise, as said before: Changing the port will absolutely reduce the number of hits, and concurrent attack attempts. Use of port-knocking techniques will also achieve the above, and the use of PKA will almost (almost, nothing is certain, hehe Debian) eliminate the chance of the opposition recreating your private key. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: targetted SSH bruteforce attacks, (continued)
- Re: targetted SSH bruteforce attacks Gary Baribault (Jun 23)
- Re: targetted SSH bruteforce attacks Cody Robertson (Jun 23)
- Re: targetted SSH bruteforce attacks Xin LI (Jun 17)
- Re: targetted SSH bruteforce attacks Paul Schmehl (Jun 17)
- Re: targetted SSH bruteforce attacks John Jacobs (Jun 17)
- Re: targetted SSH bruteforce attacks Xin LI (Jun 17)
- Re: targetted SSH bruteforce attacks Valdis . Kletnieks (Jun 18)
- Re: targetted SSH bruteforce attacks Marsh Ray (Jun 21)
- Message not available
- Re: targetted SSH bruteforce attacks Marc Olive (Jun 22)
- Re: targetted SSH bruteforce attacks bugs (Jun 26)
- Re: targetted SSH bruteforce attacks Sebastian Rother (Jun 17)
- Re: targetted SSH bruteforce attacks Thor (Hammer of God) (Jun 17)
- Re: targetted SSH bruteforce attacks BMF (Jun 17)
- Re: targetted SSH bruteforce attacks Gary Baribault (Jun 18)
- Re: targetted SSH bruteforce attacks Ashish SHUKLA (Jun 18)