| 1 |
I would move ssh to a very high port number of your choice. Most ssh |
| 2 |
port scanners do not bother checking anything other than port 22, as |
| 3 |
it is too time consuming. I have not had any weird hits on my ssh |
| 4 |
port in years. It was hammered daily, even with attempted logins and |
| 5 |
such, with it running on port 22. Now, pretty much nothing. Why not |
| 6 |
use something like 65350 or some random high port like that? |
| 7 |
|
| 8 |
And yes, you probably shouldn't be asking these questions if you have |
| 9 |
an important linux computer on the internet. Because if it is |
| 10 |
important, you should know what you are doing before you put it on the |
| 11 |
internet. |
| 12 |
|
| 13 |
If on the other hand, you're just getting to know linux, and the |
| 14 |
computer is not all that important, then you should be asking these |
| 15 |
questions. |
| 16 |
|
| 17 |
On 7/5/06, Alexander Skwar <listen@×××××××××××××××.name> wrote: |
| 18 |
> Ryan Tandy wrote: |
| 19 |
> |
| 20 |
> > you're running a firewall of some kind (and you'd be crazy not to for |
| 21 |
> > any publically accessible box), |
| 22 |
> |
| 23 |
> Actually, I'd disagree. If only the necessary publicly accessible services |
| 24 |
> are running on a box, what good should a "firewal" (I suppose you mean |
| 25 |
> packet filter, like iptables) do? The only useful measure I can think about, |
| 26 |
> is to do rate limiting. But what else? |
| 27 |
> |
| 28 |
> Alexander Skwar |
| 29 |
> -- |
| 30 |
> The more laws and order are made prominent, the more thieves and |
| 31 |
> robbers there will be. |
| 32 |
> -- Lao Tsu |
| 33 |
> -- |
| 34 |
> gentoo-user@g.o mailing list |
| 35 |
> |
| 36 |
> |
| 37 |
-- |
| 38 |
gentoo-user@g.o mailing list |
Archives