Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Attacks against SSH?

From: Adam Manock <abmanock () earthlink net>
Date: Mon, 03 Dec 2001 17:14:21 -0500
At 11:20 AM 12/3/01 -0800, Armando B. Ortiz wrote:

Per se, I have not seen anyone attacking my systems in general via SSH,
but I only allow limited access to my servers via any type of remote
login facility.

Firewalling your SSH and only allowing connections into it that you want
might help to curb some of the attacks people are seeing.  It's not very
difficult to do...just takes a little time.


Good point. How many people need to allow SSH from the entire world?

Setting up a firewall to only allow SSH from a few select static IPs is a
much better idea. If that can't be done, at least limit allowed source IPs
to the subnet that the remote user's ISP hands out via DHCP. (Most ISPs
will at least provide this info, if they won't provide a static IP)

SSH is a really useful tool, but is also a potentially very nasty single point
of failure on many networks.

Adam Manock



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: