| 1 |
There is another, dirty hack, posibility.... change the port that ssh i |
| 2 |
listening on (done in /etc/ssh/sshd_config). Change it to a normaly not |
| 3 |
used port (> 1024). Normal scannes only scan known port and often only |
| 4 |
port lower than 1024. use.. like 20202 for ssh. You'll just have to |
| 5 |
remember the port number when connecting. |
| 6 |
|
| 7 |
use: ssh -p 20202 -l youruser your.server.com |
| 8 |
|
| 9 |
-- |
| 10 |
Mvh Lasse B. Jensen |
| 11 |
|
| 12 |
On Mon, 9 Aug 2004, Andrew Gaffney wrote: |
| 13 |
|
| 14 |
> Lasse B. Jensen wrote: |
| 15 |
>> You cannot just add the sleep function. I will only give 1 minute sleep |
| 16 |
>> when you initialing your firewall. |
| 17 |
>> |
| 18 |
>> The best thing you can do i to only allow certaion ips to connect to your |
| 19 |
>> server, fx: |
| 20 |
>> |
| 21 |
>> iptables -A INPUT -p tcp --dport 22 -s 192.168.0.2 -j ACCEPT |
| 22 |
>> iptables -A INPUT -p tcp --dport 22 -j DROPA |
| 23 |
>> |
| 24 |
>> Which will drop alle connections to port 22 (ssh) expect connections from |
| 25 |
>> 192.168.0.2 (more can easily be added) |
| 26 |
> |
| 27 |
> The problem with this is that I need to be able to connect from wherever I |
| 28 |
> happen to be when I need to connect. I have to have port 22 open to the |
| 29 |
> world. What I really want to prevent is the 4-10 login attempts that these |
| 30 |
> script kiddies make after they find a host with SSH running. I want any login |
| 31 |
> failure via SSH to result in a 1 minute block of the originating IP address. |
| 32 |
> |
| 33 |
> -- |
| 34 |
> Andrew Gaffney |
| 35 |
> Network Administrator |
| 36 |
> Skyline Aeronautics, LLC. |
| 37 |
> 636-357-1548 |
| 38 |
> |
| 39 |
> |
| 40 |
> -- |
| 41 |
> gentoo-security@g.o mailing list |
| 42 |
> |
| 43 |
> |
| 44 |
|
| 45 |
-- |
| 46 |
gentoo-security@g.o mailing list |
Archives