
Re: [tlug] attack via ssh? (don't panic :-P)
Stephen J. Turnbull wrote:
>>>>>>"sjt" == Stephen J Turnbull <stephen@example.com> writes:
>
>>>>>>"Michael" == Michael Reinsch <mr@example.com> writes:
>
> Michael> In my case I also cannot predict from which IP address I
> Michael> and my users are going to login, so static rules aren't
> Michael> very helpful.
>
> sjt> I can't either, but I can limit it to one of a half-dozen
> sjt> networks. Of course, six of those are Class B or bigger, but
> sjt> still, there are 65536 Class B-sized blocks, so I've cut it
> sjt> by 99% or more. :-)
>
>BTW, in the last four days there have been 20 requests to open an SSH
>connection, 16 were bogus and all were rejected, 4 were me and all
>succeeded (i.e., I think I've managed to include all of my ISPs dynamic
>IPs). So unless you really have no idea where your users might log in
>from, opening up to whole networks where your users might come in from
>is a viable strategy.
>

For security over SSH, try port knocking.
More info at http://gentoo-wiki.com/HOWTO_Port_Knocking

Regards
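
A way to check the quoted "cut it by 99% or more" reasoning against your own allowlist, as an added example that is not part of the original thread: it collapses a CIDR allowlist, computes the fraction of IPv4 space left able to reach sshd, and sorts source addresses into accepted and rejected. The networks and source addresses are constructed placeholders taken from documentation and benchmarking ranges, and the function names are this example's own.

```python
import ipaddress

# Constructed allowlist standing in for the "half-dozen networks" in the
# quoted text; replace with the real ISP ranges.
ALLOWED = ["198.18.0.0/16", "198.19.0.0/16", "198.18.4.0/22",
           "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]

# Constructed source addresses of SSH connection attempts.
ATTEMPTS = ["198.18.7.9", "198.19.200.1", "203.0.113.50", "198.51.100.7",
            "192.0.2.200", "198.20.0.1", "10.1.2.3", "203.0.114.1"]


def load_allowlist(cidrs):
    """Parse CIDR strings and merge overlapping or adjacent networks."""
    # strict=True rejects entries with host bits set, a common typo that
    # would otherwise silently widen or shift a rule.
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def exposed_fraction(nets):
    """Fraction of the IPv4 address space that may reach sshd."""
    return sum(n.num_addresses for n in nets) / 2**32


def is_allowed(src, nets):
    """True if the source address falls inside any allowed network."""
    addr = ipaddress.ip_address(src)
    return any(addr in n for n in nets)


def tally(sources, nets):
    """Split connection attempts into (accepted, rejected) lists."""
    accepted = [s for s in sources if is_allowed(s, nets)]
    rejected = [s for s in sources if not is_allowed(s, nets)]
    return accepted, rejected


if __name__ == "__main__":
    nets = load_allowlist(ALLOWED)
    print("effective rules:", ", ".join(str(n) for n in nets))
    print(f"IPv4 space exposed: {exposed_fraction(nets):.6%}")
    accepted, rejected = tally(ATTEMPTS, nets)
    print(f"accepted {len(accepted)}, rejected {len(rejected)}: {rejected}")
```

Collapsing first matters because overlapping entries would otherwise be counted twice and overstate the exposure.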