[Dshield] SSH Bots

Mark L. Fugate markfugate4 at comcast.net
Tue Mar 7 13:53:12 GMT 2006

I get hammered constantly and one of my servers was penetrated last 
summer.  I keep a very close eyeball on my exposed servers and also move 
the listening SSH port around.  That is, not listening on 22 but rather 
listening all over different ports.  Additionally, I maintain a list of 
acceptable addresses that are allowed to connect at my outermost 
firewall.  On top of all of this, I make a point to log all accepted 
connections starting on the clean side of my outermost firewall and run 
an instance of snort inside of each zone.  I know this is overly 
paranoid, but it is both my entertainment and has been a good way to 
watch and learn attack scenarios.

