Attack from a reserved address

Larry Underhill lgu at
Thu Aug 31 12:41:24 EDT 2006

On Wed, 2006-08-30 at 18:54 -0400, Bill Horne wrote:

> P.S. I've closed the port, but anyone who wants to test it, just drop 
> me an email with your IP address.


Dictionary attacks against sshd are really common these days. Have you
considered running sshd on a high numbered port? This simple step
eliminated these kiddie attacks against my home box. (obviously, this
doesn't prevent the more sophisticated attackers)

slightly OT: what are the general practices folks that folks take to
secure the "public" services on their home boxen? I have ssh and http

My general take is:

* firewall with ssh (on a high num port) and http open. All others are
* linux distro w/ current updates
* sshd w/ key only access and no remote root login. 
* apache w/ ServerToken and ServerSignature set so I don't broadcast
much info about my apache or platform version. 
* apache defaults to serving a blank html page. Nothing in cgi-bin. All
the sites are served by virtual hosts. Folks port scanning port 80 get
nothing. Folks who actually know the domains get served pages.
I also rotate passwords for root and my (one) user account. Any other


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Discuss mailing list