Attack from a reserved address

Rajiv Aaron Manglani rajiv at
Thu Aug 31 13:46:40 EDT 2006

take a look at which blocks 
ip addresses via iptables (denyhosts depends on sshd with tcp wrappers 
support). if a machine is attempting to hack in via ssh, you probably do 
not want any ip packats from it.

On Thu, 31 Aug 2006, Matt Shields wrote:

> Instead of changing the port which ssh runs on, try
>  It watches your secure.log file for these
> attacks and blocks them
> Matthew Shields
> Sr Systems Administrator
> NameMedia, Inc.
> (P) 781-839-2828
> mshields at
> -----Original Message-----
> From: discuss-bounces at [mailto:discuss-bounces at] On Behalf
> Of Larry Underhill
> Sent: Thursday, August 31, 2006 12:41 PM
> To: Bill Horne
> Cc: discuss at
> Subject: Re: Attack from a reserved address
> On Wed, 2006-08-30 at 18:54 -0400, Bill Horne wrote:
>> P.S. I've closed the port, but anyone who wants to test it, just drop
>> me an email with your IP address.
> Bill,
> Dictionary attacks against sshd are really common these days. Have you
> considered running sshd on a high numbered port? This simple step
> eliminated these kiddie attacks against my home box. (obviously, this
> doesn't prevent the more sophisticated attackers)
> slightly OT: what are the general practices folks that folks take to
> secure the "public" services on their home boxen? I have ssh and http
> available.
> My general take is:
> * firewall with ssh (on a high num port) and http open. All others are
> denied.
> * linux distro w/ current updates
> * sshd w/ key only access and no remote root login.
> * apache w/ ServerToken and ServerSignature set so I don't broadcast
> much info about my apache or platform version.
> * apache defaults to serving a blank html page. Nothing in cgi-bin. All
> the sites are served by virtual hosts. Folks port scanning port 80 get
> nothing. Folks who actually know the domains get served pages.
> I also rotate passwords for root and my (one) user account. Any other
> tips/tricks?
> --Larry

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Discuss mailing list