Hi,

> seems the bad guys do actually know how to get around that one, too:
>
> http://www.theregister.co.uk/2008/12/08/brute_force_ssh_attack/
>
> darn, how i hate this rat-race.
>
> it sucks big time.

SSH on port 22 ('hiding it' on other ports doesn't work)

Stop any text entry authentication - use only certificates (strong ones too!)

Use a rate-limiter so that access from random boxes out on the net (and you WILL be using random boxes or else you wouldn't have port 22 listening to the whole world in the first place!) - stops massive connections per second/minute

port-knocking method is fairly okay for opening the initial listener....but is a right pain if you've found yourself stuck with a dumb device or on a captive network that just won't allow those ports :-|

LOG your SSH daemon and report all failed non valid auth attempts / brute forces to abuse@range concerned. only through the coordinated reports of many active people can we get the numbers of compromised systems down...there ARE tools to help with such reporting.

alan
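The logging-and-reporting step from the message above, as an added example that is not part of the original post: a Python sketch that counts failed sshd authentications per source address and drafts report text for sources at or above a threshold. The log lines are constructed, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Dec  9 03:14:01 fw sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Dec  9 03:14:03 fw sshd[2101]: Failed password for invalid user test from 203.0.113.5 port 40113 ssh2
Dec  9 03:14:06 fw sshd[2103]: Failed password for root from 203.0.113.5 port 40115 ssh2
Dec  9 03:20:44 fw sshd[2110]: Accepted publickey for alan from 192.0.2.10 port 51022 ssh2
Dec  9 03:31:12 fw sshd[2120]: Invalid user oracle from 198.51.100.7
Dec  9 03:31:12 fw sshd[2120]: Failed password for invalid user oracle from 198.51.100.7 port 33001 ssh2
"""

# Usernames are attacker-controlled, so the source address is taken only from
# the final "from <ip> port <n>" at the end of the line (greedy user + "$").
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?$"
)

def failed_by_source(log_text):
    """Group failed sshd authentications by source IP."""
    hits = defaultdict(lambda: {"count": 0, "users": set(), "lines": []})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m is None:
            continue  # accepted logins, "Invalid user" notices, other daemons
        rec = hits[m["ip"]]
        rec["count"] += 1
        rec["users"].add(m["user"])
        rec["lines"].append(line)
    return dict(hits)

def abuse_reports(log_text, threshold=3):
    """Return {ip: report text} for sources with at least `threshold` failures."""
    reports = {}
    for ip, rec in sorted(failed_by_source(log_text).items()):
        if rec["count"] < threshold:
            continue
        head = f"{rec['count']} failed SSH logins from {ip}; usernames tried: {', '.join(sorted(rec['users']))}"
        reports[ip] = "\n".join([head, *rec["lines"]])
    return reports

if __name__ == "__main__":
    # The abuse contact for each range comes from WHOIS; that lookup is not done here.
    for ip, text in abuse_reports(SAMPLE_LOG).items():
        print(text, end="\n\n")
```

Only "Failed ..." lines are counted, so the paired "Invalid user" notice for the same attempt does not inflate the total.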