nanog mailing list archives
Re: how to deal with port scan and brute force attack from AS 8075 ?
From: cyrus ramirez via NANOG <nanog () nanog org>
Date: Thu, 31 Mar 2016 14:56:16 +0000 (UTC)
You could use Shields Up to view your vulnerabilities... obvious ones, and remedy...

Cyrus Ramirez

On Thursday, March 31, 2016 10:21 AM, "Valdis.Kletnieks () vt edu" <Valdis.Kletnieks () vt edu> wrote:

On Thu, 31 Mar 2016 10:02:05 +0200, "marcel.duregards--- via NANOG" said:

We consider port scan and brute force on ssh port as an attack, and even

So explain to me why you don't have ACLs that silently drop inbound SYN packets on port 22 from outside your allocated address space? (And if you can't do it at your border because you sub-allocate address space to customers, figure out how to use iptables or similar to block it on the target hosts, or only apply the ACL for your own subnets).

If you have a *legitimate* business case for needing to SSH in from outside, there are fine products such as OpenVPN (and not-so-fine like the one we have in production - although it's mostly usable too, and achieves the goal of presenting you as being inside our corporate address space)

Also, move your SSH service to some port other than 22, and consider putting 'Password Authentication no/PubKeyAuthentication yes' in your sshd_config.

I admit never understanding why people run their systems in a low-hanging fruit configuration, and then are surprised that miscreants go looking for low hanging fruit.

(For the record, our border routers drop inbound SYN on port 22 on *both* ipv4 and ipv6 address spaces. It's amazing how few brute force attempts we see on our servers... :)
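
The sshd_config advice quoted in this message, as an added example that is not part of the original thread: a small Python audit that checks a configuration for a listener on port 22, enabled password authentication, and disabled public key authentication. It uses OpenSSH's directive spellings `PasswordAuthentication` and `PubkeyAuthentication`; the sample configurations are constructed, and `Include` files and ports set through `ListenAddress` are assumed absent.

```python
# Added example: audit sshd_config text for the settings recommended in the thread.
WEAK = """\
# constructed sample
Port 22
Port 2222
passwordauthentication yes
PasswordAuthentication no
"""
HARDENED = """\
# constructed sample
Port 2222
PasswordAuthentication no
PubkeyAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
"""

def audit_sshd_config(text):
    """Return a list of findings for one sshd_config file (Include is not followed)."""
    first, ports, findings, in_match = {}, [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].lower()  # keywords are case-insensitive
        if key == "match":
            in_match = True          # everything below is conditional until EOF
        elif in_match:
            if key == "passwordauthentication" and value == "yes":
                findings.append("Match block re-enables password authentication")
        elif key == "port":
            ports.append(value)      # Port may repeat; sshd listens on all of them
        elif key not in first:
            first[key] = value       # otherwise the first value obtained wins
    if "22" in (ports or ["22"]):    # no Port line means the default, 22
        findings.append("sshd listens on port 22")
    if first.get("passwordauthentication", "yes") != "no":
        findings.append("password authentication is enabled")
    if first.get("pubkeyauthentication", "yes") != "yes":
        findings.append("public key authentication is disabled")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_sshd_config(cfg))
```

On a live host, `sshd -T` prints the effective configuration that this parse approximates.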