[Leaplist] SShellPhishing Blacklist
John Simpson
jms1 at jms1.net
Wed Sep 24 16:26:47 EDT 2008
On 2008-09-24, at 1412, ray wrote:
>
> how to implement?
>
> http://isc.sans.org/diary.html?storyid=5047

step one. change your sshd to listen on a port number OTHER than 22.
yes, it's security through obscurity and therefore not really worth a
whole lot, in and of itself... but i have a client in the UK whose
sshd is still running on port 22, and their server is attacked by
about 10-15 different client IPs per hour. i ended up having to write
a script which watches their syslogs in real time, and when it sees
more than a certain number of "sshd: bad password" or "sshd: unknown
user" messages from the same IP in a certain amount of time, it
creates an iptables rule which blocks that IP immediately.

then i look at my own server, where all i've done is forced it to use
the SSHv2 protocol (the older v1 protocol has weaknesses in the
implementation of the initial key exchange) and changed it from port
22 to something else... this was several years ago. and since then,
the only time i have ever seen "bad password" or "unknown user" is
from a legitimate user who made a typo.

----------------------------------------------------------
| John M. Simpson -- KG4ZOW -- Programmer At Large |
| http://www.jms1.net/ <jms1 at jms1.net> |
----------------------------------------------------------
| Hope for America -- http://www.ronpaul2008.com/ |
----------------------------------------------------------
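
A minimal version of the log-watching blocker described in the message above, as an added example (not John Simpson's script): it counts sshd failures per source IP in a sliding time window and returns the iptables command it would run for each offender. The OpenSSH message wording, the threshold and window values, the `detect` name and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed OpenSSH wording. The pattern is anchored at end of line because the
# username is supplied by the remote side and may itself contain "from <ip>".
FAIL = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for|Invalid user) .* from (\S+)(?: port \d+(?: ssh2)?)?$"
)

# Constructed sample log (documentation-range addresses).
SAMPLE = """\
Sep 24 10:00:00 host sshd[800]: Failed password for bob from 192.0.2.9 port 50001 ssh2
Sep 24 12:00:00 host sshd[810]: Failed password for bob from 192.0.2.9 port 50002 ssh2
Sep 24 14:00:00 host sshd[820]: Failed password for bob from 192.0.2.9 port 50003 ssh2
Sep 24 16:20:01 host sshd[901]: Failed password for root from 203.0.113.7 port 40110 ssh2
Sep 24 16:20:03 host sshd[902]: Invalid user admin from 203.0.113.7
Sep 24 16:20:05 host sshd[902]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Sep 24 16:20:09 host sshd[903]: Failed password for root from 203.0.113.7 port 40115 ssh2
Sep 24 16:21:00 host sshd[910]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Sep 24 16:30:00 host sshd[920]: Failed password for bob from 192.0.2.9 port 50004 ssh2
"""

def detect(lines, limit=3, window=timedelta(minutes=10), year=2008):
    """Map each IP with more than `limit` failures inside `window` to a block command."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    blocked = {}
    for line in lines:
        m = FAIL.match(line.rstrip())
        if not m:
            continue
        try:  # only a parsed IPv4 address ever reaches the firewall command
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue
        # syslog timestamps carry no year; `year` is supplied by the caller
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > limit:
            blocked[ip] = ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]
    return blocked

if __name__ == "__main__":
    print(detect(SAMPLE.splitlines()))
```

The function only returns the argument list; a real watcher would pass it to `subprocess.run` as root and would also need a way to expire old rules.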