Re: SSH server under attack...

[Dave <dlaud.flux () gmail com>]

Bryan S. Sampsel wrote:

> Set up portsentry on your box and configure it to drop packets from anyone
> port-scanning your box.
>  
This sounds like a good idea. But I cant install portsentry on the 
router...which still can be scanned to find it's *open* ports. I think 
we are going to set up linux box as firewall using iptables and install 
portsentry etc...Off hand do you know if portsentry (or any other 
application that) will notify you in real time of any attempted 
intrusion via email?

> Right there keeps him from finding what you changed the port to.
>
> Then, change the port to some other number and restart both portsentry and
> sshd.
>
> I'd recommend a FreeBSD or Linux firewall in front of you that you can do
> this config with as your first line defense.
>
> Port Sentry is no longer maintained at its old home, but you can do a web
> search and find its new home easily enough.
>
> Good luck.
>
> Sincerely,
>
> Bryan S. Sampsel
> LibertyActivist.org
>  


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------