I would move ssh to a very high port number of your choice. Most ssh
port scanners do not bother checking anything other than port 22, as
it is too time-consuming. I have not had any weird hits on my ssh
port in years. It was hammered daily, even with attempted logins and
such, with it running on port 22. Now, pretty much nothing. Why not
use something like 65350 or some random high port like that?

And yes, you probably shouldn't be asking these questions if you have
an important Linux computer on the internet. Because if it is
important, you should know what you are doing before you put it on the
internet.

If, on the other hand, you're just getting to know Linux, and the
computer is not all that important, then you should be asking these
questions.

On 7/5/06, Alexander Skwar <listen@×××××××××××××××.name> wrote:
> Ryan Tandy wrote:
>
> > you're running a firewall of some kind (and you'd be crazy not to for
> > any publicly accessible box),
>
> Actually, I'd disagree. If only the necessary publicly accessible services
> are running on a box, what good should a "firewall" (I suppose you mean
> packet filter, like iptables) do? The only useful measure I can think about,
> is to do rate limiting. But what else?
>
> Alexander Skwar
> --
> The more laws and order are made prominent, the more thieves and
> robbers there will be.
>                 -- Lao Tsu
> --
> gentoo-user@g.o mailing list