Attack from a reserved address

Matt Shields mshields at namemedia.com
Thu Aug 31 13:12:00 EDT 2006


Instead of changing the port which ssh runs on, try
http://denyhosts.sf.net. It watches your secure.log file for these
attacks and blocks them.

Matthew Shields
Sr Systems Administrator
NameMedia, Inc.
(P) 781-839-2828
mshields at namemedia.com
http://www.namemedia.com
 

-----Original Message-----
From: discuss-bounces at blu.org [mailto:discuss-bounces at blu.org] On Behalf
Of Larry Underhill
Sent: Thursday, August 31, 2006 12:41 PM
To: Bill Horne
Cc: discuss at blu.org
Subject: Re: Attack from a reserved address

On Wed, 2006-08-30 at 18:54 -0400, Bill Horne wrote:

> P.S. I've closed the port, but anyone who wants to test it, just drop 
> me an email with your IP address.

Bill,

Dictionary attacks against sshd are really common these days. Have you
considered running sshd on a high numbered port? This simple step
eliminated these kiddie attacks against my home box. (obviously, this
doesn't prevent the more sophisticated attackers)

Slightly OT: what are the general practices that folks take to
secure the "public" services on their home boxen? I have ssh and http
available. 

My general take is:

* firewall with ssh (on a high num port) and http open. All others are
denied.
* linux distro w/ current updates
* sshd w/ key only access and no remote root login. 
* apache w/ ServerToken and ServerSignature set so I don't broadcast
much info about my apache or platform version. 
* apache defaults to serving a blank html page. Nothing in cgi-bin. All
the sites are served by virtual hosts. Folks port scanning port 80 get
nothing. Folks who actually know the domains get served pages.
  
I also rotate passwords for root and my (one) user account. Any other
tips/tricks?

--Larry




-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
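
The kind of log watching described in the reply at the top of this thread, as an added example that is not part of the original messages and is not DenyHosts's own code: it counts failed sshd password attempts per source address in secure-log-style text and lists the addresses that reach a threshold. The log lines, the threshold of 5, the allowlist and the function names are constructed for illustration.

```python
import re
from collections import Counter

# The user field is attacker-controlled, so match it greedily and anchor the
# source address to the end of the line; otherwise a login name containing
# " from <ip>" could get an innocent address counted (and blocked).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?$"
)

# Constructed sample in the style of /var/log/secure (documentation addresses).
SAMPLE_LOG = "\n".join(
    [f"Aug 31 12:00:{i:02d} host sshd[2101]: Failed password for invalid user {u} "
     f"from 192.0.2.10 port {40000 + i} ssh2"
     for i, u in enumerate(["admin", "test", "guest", "oracle", "mysql"])]
    + ["Aug 31 12:01:00 host sshd[2102]: Failed password for alice "
       "from 198.51.100.7 port 51000 ssh2",
       "Aug 31 12:01:05 host sshd[2102]: Accepted publickey for alice "
       "from 198.51.100.7 port 51001 ssh2",
       # Login name crafted to look like a second "from <ip>" field.
       "Aug 31 12:02:00 host sshd[2103]: Failed password for invalid user "
       "x from 198.51.100.7 from 203.0.113.5 port 52000 ssh2"]
)

def failures_by_ip(log_text):
    """Count failed sshd password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group("ip")] += 1
    return counts

def hosts_to_block(log_text, threshold=5, allow=()):
    """Addresses at or over the threshold, minus an allowlist of your own IPs."""
    counts = failures_by_ip(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allow)

def deny_lines(ips):
    """Format addresses as tcp_wrappers entries for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_to_block(SAMPLE_LOG))))
```

The allowlist matters as much as the threshold: without it, a few mistyped passwords from your own address lock you out of the box.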
